Characterizing Honeypot-Captured Cyber Attacks: Statistical Framework and Case Study

March 24, 2016 Β· Declared Dead Β· πŸ› IEEE Transactions on Information Forensics and Security

πŸ‘» CAUSE OF DEATH: Ghosted
No code link whatsoever

"No code URL or promise found in abstract"

Evidence collected by the PWNC Scanner

Authors Zhenxin Zhan, Maochao Xu, Shouhuai Xu arXiv ID 1603.07433 Category cs.CR: Cryptography & Security Cross-listed stat.AP Citations 136 Venue IEEE Transactions on Information Forensics and Security Last Checked 4 months ago
Abstract
Rigorously characterizing the statistical properties of cyber attacks is an important problem. In this paper, we propose the {\em first} statistical framework for rigorously analyzing honeypot-captured cyber attack data. The framework is built on the novel concept of {\em stochastic cyber attack process}, a new kind of mathematical objects for describing cyber attacks. To demonstrate use of the framework, we apply it to analyze a low-interaction honeypot dataset, while noting that the framework can be equally applied to analyze high-interaction honeypot data that contains richer information about the attacks. The case study finds, for the first time, that Long-Range Dependence (LRD) is exhibited by honeypot-captured cyber attacks. The case study confirms that by exploiting the statistical properties (LRD in this case), it is feasible to predict cyber attacks (at least in terms of attack rate) with good accuracy. This kind of prediction capability would provide sufficient early-warning time for defenders to adjust their defense configurations or resource allocations. The idea of "gray-box" (rather than "black-box") prediction is central to the utility of the statistical framework, and represents a significant step towards ultimately understanding (the degree of) the {\em predictability} of cyber attacks.
Community shame:
Not yet rated
Community Contributions

Found the code? Know the venue? Think something is wrong? Let us know!

πŸ“œ Similar Papers

In the same crypt β€” Cryptography & Security

Died the same way β€” πŸ‘» Ghosted