Title :
Empirical Analysis of Attackers Activity on Multi-tier Web Systems
Author :
Goseva-Popstojanova, Katerina ; Miller, Brandon ; Pantev, Risto ; Dimitrijevikj, Ana
Author_Institution :
Lane Dept. of Comput. Sci. & Electr. Eng., West Virginia Univ., Morgantown, WV, USA
Abstract :
Web-based systems commonly face unique set of vulnerabilities and security threats due to their high exposure, access by browsers, and integration with databases. In this paper we present empirical analysis of attackers activities based on data collected by two high-interaction honeypots. The contributions of our work include: (1) Classification of the malicious traffic to port scans, vulnerability scans, and attacks; (2) Conducting experiments which, in addition to attackers activities aimed at individual components, allowed us to observe and study vulnerability scans and attacks that span multiple system components; and (3) Statistical characterization of the malicious traffic.
Keywords :
Internet; online front-ends; security of data; statistical analysis; telecommunication traffic; Web-based systems; attackers activity; browsers; high-interaction honeypots; malicious traffic; multiple system components; multitier Web systems; security threats; statistical characterization; vulnerability scans; Application software; Computer science; Computer security; Data security; Databases; Information analysis; Statistical analysis; TCPIP; USA Councils; Web server; Web-based systems; attacks; distribution fitting; empirical analysis of malicious traffic; port and vulnerability scans;
Conference_Titel :
Advanced Information Networking and Applications (AINA), 2010 24th IEEE International Conference on
Conference_Location :
Perth, WA
Print_ISBN :
978-1-4244-6695-5
DOI :
10.1109/AINA.2010.138
