Article

Profiling Attacker Behavior Following SSH Compromises

Authors:

Daniel Ramsbrock,

Robin Berthier,

Michel CukierAuthors Info & Claims

DSN '07: Proceedings of the 37th Annual IEEE/IFIP International Conference on Dependable Systems and Networks

Pages 119 - 124

https://doi.org/10.1109/DSN.2007.76

Published: 25 June 2007 Publication History

Publisher Site

Abstract

This practical experience report presents the results of an experiment aimed at building a profile of attacker behavior following a remote compromise. For this experiment, we utilized four Linux honeypot computers running SSH with easily guessable passwords. During the course of our research, we also determined the most commonly attempted usernames and passwords, the average number of attempted logins per day, and the ratio of failed to successful attempts. To build a profile of attacker behavior, we looked for specific actions taken by the attacker and the order in which they occurred. These actions were: checking the configuration, changing the password, downloading a file, installing/running rogue code, and changing the system configuration.

Cited By

View all

Martínez Garre JGil Pérez MRuiz-Martínez A(2021)A novel Machine Learning-based approach for the detection of SSH botnet infectionFuture Generation Computer Systems10.1016/j.future.2020.09.004115:C(387-396)Online publication date: 1-Feb-2021
https://dl.acm.org/doi/10.1016/j.future.2020.09.004
Fraunholz DSchneider DZemitis JSchotten H(2018)Hack My CompanyProceedings of the Central European Cybersecurity Conference 201810.1145/3277570.3277573(1-6)Online publication date: 15-Nov-2018
https://dl.acm.org/doi/10.1145/3277570.3277573
Barron TNikiforakis N(2017)Picky AttackersProceedings of the 33rd Annual Computer Security Applications Conference10.1145/3134600.3134614(387-398)Online publication date: 4-Dec-2017
https://dl.acm.org/doi/10.1145/3134600.3134614
Show More Cited By

Index Terms

Profiling Attacker Behavior Following SSH Compromises

Recommendations

Mitigating Covert Compromises: A Game-Theoretic Model of Targeted and Non-Targeted Covert Attacks
Web and Internet Economics
Abstract
Attackers of computing resources increasingly aim to keep security compromises hidden from defenders in order to extract more value over a longer period of time. These covert attacks come in multiple varieties, which can be categorized into two ...
SSH, The Secure Shell: The Definitive Guide
Multi-aspect profiling of kernel rootkit behavior
EuroSys '09: Proceedings of the 4th ACM European conference on Computer systems

Kernel rootkits, malicious software designed to compromise a running operating system kernel, are difficult to analyze and profile due to their elusive nature, the variety and complexity of their behavior, and the privilege level at which they run. ...

Comments

Information & Contributors

Information

Published In

DSN '07: Proceedings of the 37th Annual IEEE/IFIP International Conference on Dependable Systems and Networks

June 2007

805 pages

ISBN:0769528554

Publisher

IEEE Computer Society

United States

Publication History

Published: 25 June 2007

Qualifiers

Article

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

13
Total Citations
View Citations
0
Total Downloads

Downloads (Last 12 months)0
Downloads (Last 6 weeks)0

Reflects downloads up to 20 Feb 2025

Other Metrics

View Author Metrics

Citations

Cited By

View all

Martínez Garre JGil Pérez MRuiz-Martínez A(2021)A novel Machine Learning-based approach for the detection of SSH botnet infectionFuture Generation Computer Systems10.1016/j.future.2020.09.004115:C(387-396)Online publication date: 1-Feb-2021
https://dl.acm.org/doi/10.1016/j.future.2020.09.004
Fraunholz DSchneider DZemitis JSchotten H(2018)Hack My CompanyProceedings of the Central European Cybersecurity Conference 201810.1145/3277570.3277573(1-6)Online publication date: 15-Nov-2018
https://dl.acm.org/doi/10.1145/3277570.3277573
Barron TNikiforakis N(2017)Picky AttackersProceedings of the 33rd Annual Computer Security Applications Conference10.1145/3134600.3134614(387-398)Online publication date: 4-Dec-2017
https://dl.acm.org/doi/10.1145/3134600.3134614
(2015)A flow-based detection method for stealthy dictionary attacks against Secure ShellJournal of Information Security and Applications10.1016/j.jisa.2014.08.00321:C(31-41)Online publication date: 1-Apr-2015
https://dl.acm.org/doi/10.1016/j.jisa.2014.08.003
Abou El Kalam AGad El Rab MDeswarte Y(2014)A model-driven approach for experimental evaluation of intrusion detection systemsSecurity and Communication Networks10.1002/sec.9117:11(1955-1973)Online publication date: 1-Nov-2014
https://dl.acm.org/doi/10.1002/sec.911
Biddle RChiasson SVan Oorschot P(2012)Graphical passwordsACM Computing Surveys10.1145/2333112.233311444:4(1-41)Online publication date: 7-Sep-2012
https://dl.acm.org/doi/10.1145/2333112.2333114
Cavalcante GTricaud SSouza Cde Geus P(2012)Interactive analysis of computer scenarios through parallel coordinates graphicsProceedings of the 12th international conference on Computational Science and Its Applications - Volume Part IV10.1007/978-3-642-31128-4_23(314-325)Online publication date: 18-Jun-2012
https://dl.acm.org/doi/10.1007/978-3-642-31128-4_23
Wagener GState RDulaunoy AEngel T(2011)HelizaJournal in Computer Virology10.1007/s11416-010-0150-47:3(221-232)Online publication date: 1-Aug-2011
https://dl.acm.org/doi/10.1007/s11416-010-0150-4
Nicomette VKaâniche MAlata EHerrb M(2011)Set-up and deployment of a high-interaction honeypotJournal in Computer Virology10.1007/s11416-010-0144-27:2(143-157)Online publication date: 1-May-2011
https://dl.acm.org/doi/10.1007/s11416-010-0144-2
Wagener GState RDulaunoy AEngel T(2009)Self Adaptive High Interaction Honeypots Driven by Game TheoryProceedings of the 11th International Symposium on Stabilization, Safety, and Security of Distributed Systems10.1007/978-3-642-05118-0_51(741-755)Online publication date: 5-Nov-2009
https://dl.acm.org/doi/10.1007/978-3-642-05118-0_51
Show More Cited By

Abstract

Cited By

Index Terms

Recommendations

Mitigating Covert Compromises: A Game-Theoretic Model of Targeted and Non-Targeted Covert Attacks

SSH, The Secure Shell: The Definitive Guide

Multi-aspect profiling of kernel rootkit behavior

Comments

Information

Published In

Publisher

Publication History

Qualifiers

Contributors

Other Metrics

Bibliometrics

Article Metrics

Other Metrics

Citations

Cited By

View options

Share

Share this Publication link

Share on social media

Affiliations