Proceedings of the 5th ACM Workshop on Security and Artificial Intelligence 2012
DOI: 10.1145/2381896.2381904

Learning stateful models for network honeypots

Abstract: Attacks like call fraud and identity theft often involve sophisticated stateful attack patterns which, on top of normal communication, try to harm systems on a higher semantic level than usual attack scenarios. To detect these kinds of threats via specially deployed honeypots, at least a minimal understanding of the inherent state machine of a specific service is needed to lure potential attackers and to keep a communication for a sufficiently large number of steps. To this end we propose PRISMA, a method for p…

Cited by 56 publications (60 citation statements)
References: 27 publications

“…Krueger et al [14] went beyond the approach of Sekar et al, using n-grams and Markov chains to model protocols such as SIP, DNS and FTP. They demonstrated the effectiveness of the detection mechanisms on text protocols, but they did not test them against binary protocols.…”
Section: Related Work (mentioning)
confidence: 99%
“…Although there has been a substantial amount of research in the area, most of the emphasis has been placed on either stages prior to the alignment [3], [40] or on challenges such as the inference of state machines (once packet types have been identified) [9], [10], [23], [24], [42]. The underlying algorithm that is used to align packets to identify their structure tends to be the same for most techniques - the Needleman-Wunsch algorithm [31].…”
Section: Introduction (mentioning)
confidence: 99%
“…We show that it is particularly relevant, but not limited, to automata-based algorithms. This class of algorithm has been successfully applied in traffic analysis and malware detection [10], [11], [12] and is used as the basis to apply our clustering technique on IP flow records.…”
Section: Introduction (mentioning)
confidence: 99%