This practical experience report presents the results of an experiment aimed at building a profile of attacker behavior following a remote compromise. For this experiment, we utilized four Linux honeypot computers running SSH with easily guessable passwords. During the course of our research, we also determined the most commonly attempted usernames and passwords, the average number of attempted logins per day, and the ratio of failed to successful attempts. To build a profile of attacker behavior, we looked for specific actions taken by the attacker and the order in which they occurred. These actions were: checking the configuration, changing the password, downloading a file, installing/running rogue code, and changing the system configuration.