Van-Hau Pham

Learn More
In this paper, we present a new attack attribution method that has been developed within the WOMBAT 1 project. We illustrate the method with some real-world results obtained when applying it to almost two years of attack traces collected by low interaction honeypots. This analytical method aims at identifying large scale attack phenomena composed of IP(More)
This paper aims at showing the usefulness of simple honeypots to obtain data that can be used to derive analytical models of the attack processes present on the Internet. Built upon an environment which has been deployed for 18 months, we provide figures and analyses that enable us to better understand how attacks are carried out in the wild. Key(More)
In [6], Pouget et al. have conjectured the existence of so-called multi-headed worms and found a couple of them on attack traces collected on a single honeypot. These worms take advantage of several distinct attack techniques to propagate but they use only one of them against a given target. From a victim's viewpoint, they are therefore indistinguishable(More)
  • 1