An empirical study of filesystem activity following a SSH compromise

Cited by: 0
Authors
Molina, Jesus [1]
Gordon, Joe [1]
Chorin, Xavier [2]
Cukier, Michel [2]
Affiliations
[1] Univ Maryland, Dept Elect & Comp Engn, College Pk, MD 20742 USA
[2] Univ Maryland, Ctr Risk & Reliabil Dept Mech Engn, College Pk, MD 20742 USA
Funding
National Science Foundation (USA);
Keywords
SSH compromises; filesystem data; host intrusion detection systems; intrusion detection systems evaluation;
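DOI
Not available
Chinese Library Classification (CLC) number
TM [Electrical engineering]; TN [Electronics and communication technology];
Discipline classification codes
0808 ; 0809 ;
Abstract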
Monitoring filesystem data is a common method used to detect attacks. Once a computer is compromised, attackers will likely alter files, add new files or delete existing files. The changes that attackers make may target any part of the filesystem, including metadata along with files (e.g., permissions, ownerships and inodes). In this paper, we describe an empirical study that focused on SSH compromised attacks. First, statistical data on the number of files targeted and the associated activity (e.g., read, write, delete, ownership and rights) is reported. Then, we refine the analysis to identify and understand patterns in the attack activity.
Pages: 680 / +
Number of pages: 3