  • DocumentCode
    3100745
  • Title
    Characterizing Transition Behaviors in Internet Attack Sequences
  • Author
    Du, Haitao ; Yang, Shanchieh Jay
  • Author_Institution
    Dept. of Comput. Eng., Rochester Inst. of Technol., Rochester, NY, USA
  • fYear
    2011
  • fDate
    July 31 2011-Aug. 4 2011
  • Firstpage
    1
  • Lastpage
    6
  • Abstract
    Cyber attacks from the Internet often span multiple ports and multiple hosts. This work hypothesizes that there are distinct sequential patterns revealing hacking behavior. A feature called Attack Transition Action (ATA) is defined to represent the changes in attacked destinations and ports over time. The simplicity of the feature enables the development of a probabilistic model, revealing higher order transitions hidden within the attack sequences. The model trained with a real-world attack dataset uncovers several natural clusters of Internet attack behaviors. The discovered behavior patterns are explained with representative hacking strategies. Our systematic modeling and analysis provide an effective means to characterize classes of Internet attacks.
  • Keywords
    Internet; computer crime; computer network security; probability; Cyber attacks; Internet; attack sequences; attack transition action; hacking strategy; natural clusters; probabilistic model; Complexity theory; Computer crime; Computer hacking; IP networks; Internet; Markov processes; Training;
  • fLanguage
    English
  • Publisher
    IEEE
  • Conference_Titel
    Computer Communications and Networks (ICCCN), 2011 Proceedings of 20th International Conference on
  • Conference_Location
    Maui, HI
  • ISSN
    1095-2055
  • Print_ISBN
    978-1-4577-0637-0
  • Type
    conf
  • DOI
    10.1109/ICCCN.2011.6006017
  • Filename
    6006017