Title: Understanding threats: a prerequisite to enhance survivability of computing systems

Authors: F. Pouget, M. Dacier, V.H. Pham

Addresses: Institut Eurecom, B.P. 193, 06904 Sophia Antipolis, France; Institut Eurecom, B.P. 193, 06904 Sophia Antipolis, France; Institut Eurecom, B.P. 193, 06904 Sophia Antipolis, France

Abstract: This paper shows the usefulness of simple honeypots for obtaining data that gives a better understanding of some internet attack processes. The acquired knowledge can then be used to drive sound security design decisions in order to improve the ability of our systems to resist attacks. Based on three years of collected data, we provide in this paper a critical review of geographical information provided by NetGeo, a study of the aftermath of the Deloder worm and a refined analysis of the interaction between machines devoted to scanning and to attacking.

Keywords: honeypots; forensics; internet attacks; data analysis; computing systems survivability; security; geographical information; Deloder worm.

DOI: 10.1504/IJCIS.2008.016098

International Journal of Critical Infrastructures, 2008 Vol.4 No.1/2, pp.153 - 171

Published online: 05 Dec 2007
