DocumentCode :
2973530
Title :
An empirical study of filesystem activity following a SSH compromise
Author :
Molina, Jesus ; Gordon, Joe ; Chorin, Xavier ; Cukier, Michel
Author_Institution :
Univ. of Maryland, College Park
fYear :
2007
fDate :
10-13 Dec. 2007
Firstpage :
1
Lastpage :
5
Abstract :
Monitoring filesystem data is a common method used to detect attacks. Once a computer is compromised, attackers will likely alter files, add new files or delete existing files. The changes that attackers make may target any part of the filesystem, including metadata along with files (e.g., permissions, ownerships and inodes). In this paper, we describe an empirical study that focused on SSH compromised attacks. First, statistical data on the number of files targeted and the associated activity (e.g., read, write, delete, ownership and rights) is reported. Then, we refine the analysis to identify and understand patterns in the attack activity.
Keywords :
meta data; security of data; SSH compromised attacks; attack activity; filesystem activity; filesystem data monitoring; intrusion detection systems evaluation; metadata; Computer architecture; Computerized monitoring; Educational institutions; Intrusion detection; Linux; Mechanical engineering; Permission; Radio access networks; Remote monitoring; Testing; SSH compromises; filesystem data; host intrusion detection systems; intrusion detection systems evaluation;
fLanguage :
English
Publisher :
IEEE
Conference_Titel :
Information, Communications & Signal Processing, 2007 6th International Conference on
Conference_Location :
Singapore
Print_ISBN :
978-1-4244-0982-2
Electronic_ISBN :
978-1-4244-0983-9
Type :
conf
DOI :
10.1109/ICICS.2007.4449675
Filename :
4449675