Algorithms for clustering data
Algorithms for clustering data
On ordered weighted averaging aggregation operators in multicriteria decisionmaking
IEEE Transactions on Systems, Man and Cybernetics
Detection of abrupt changes: theory and application
Detection of abrupt changes: theory and application
Characteristics of internet background radiation
Proceedings of the 4th ACM SIGCOMM conference on Internet measurement
Exploiting P2P systems for DDoS attacks
InfoScale '06 Proceedings of the 1st international conference on Scalable information systems
SSYM'04 Proceedings of the 13th conference on USENIX Security Symposium - Volume 13
Using uncleanliness to predict future botnet addresses
Proceedings of the 7th ACM SIGCOMM conference on Internet measurement
BotTorrent: misusing BitTorrent to launch DDoS attacks
SRUTI'07 Proceedings of the 3rd USENIX workshop on Steps to reducing unwanted traffic on the internet
The Quest for Multi-headed Worms
DIMVA '08 Proceedings of the 5th international conference on Detection of Intrusions and Malware, and Vulnerability Assessment
SGNET: A Worldwide Deployable Framework to Support the Analysis of Malware Threat Models
EDCC-7 '08 Proceedings of the 2008 Seventh European Dependable Computing Conference
WISTDCS '08 Proceedings of the 2008 WOMBAT Workshop on Information Security Threats Data Collection and Sharing
ICDMW '08 Proceedings of the 2008 IEEE International Conference on Data Mining Workshops
Proceedings of the ACM SIGKDD Workshop on CyberSecurity and Intelligence Informatics
Aggregation Functions: A Guide for Practitioners
Aggregation Functions: A Guide for Practitioners
Honeypot Traces Forensics: The Observation Viewpoint Matters
NSS '09 Proceedings of the 2009 Third International Conference on Network and System Security
A new graph-theoretic approach to clustering and segmentation
CVPR'03 Proceedings of the 2003 IEEE computer society conference on Computer vision and pattern recognition
On a multicriteria clustering approach for attack attribution
ACM SIGKDD Explorations Newsletter
An analysis of rogue AV campaigns
RAID'10 Proceedings of the 13th international conference on Recent advances in intrusion detection
A strategic analysis of spam botnets operations
Proceedings of the 8th Annual Collaboration, Electronic messaging, Anti-Abuse and Spam Conference
Industrial espionage and targeted attacks: understanding the characteristics of an escalating threat
RAID'12 Proceedings of the 15th international conference on Research in Attacks, Intrusions, and Defenses
| Hi-index | 0.00 |
In this paper, we present a new attack attribution method that has been developed within the WOMBAT project. We illustrate the method with some real-world results obtained when applying it to almost two years of attack traces collected by low interaction honeypots. This analytical method aims at identifying large scale attack phenomena composed of IP sources that are linked to the same root cause. All malicious sources involved in a same phenomenon constitute what we call a Misbehaving Cloud (MC). The paper offers an overview of the various steps the method goes through to identify these clouds, providing pointers to external references for more detailed information. Four instances of misbehaving clouds are then described in some more depth to demonstrate the meaningfulness of the concept.