Van-Hau Pham

Learn More
This paper aims at showing the usefulness of simple honeypots to obtain data that can be used to derive analytical models of the attack processes present on the Internet. Built upon an environment which has been deployed for 18 months, we provide figures and analyses that enable us to better understand how attacks are carried out in the wild. Key(More)
In this paper, we present a new attack attribution method that has been developed within the WOMBAT 1 project. We illustrate the method with some real-world results obtained when applying it to almost two years of attack traces collected by low interaction honeypots. This analytical method aims at identifying large scale attack phenomena composed of IP(More)
In this paper, we propose a method to identify and group together traces left on low interaction honeypots by machines belonging to the same botnet(s) without having any a priori information at our disposal regarding these botnets. In other terms, we offer a solution to detect new botnets thanks to very cheap and easily deployable solutions. The approach is(More)
In [6], Pouget et al. have conjectured the existence of so-called multi-headed worms and found a couple of them on attack traces collected on a single honeypot. These worms take advantage of several distinct attack techniques to propagate but they use only one of them against a given target. From a victim's viewpoint, they are therefore indistinguishable(More)
  • 1