A spatio-temporal entropy-based approach for the analysis of cyber attacks (demo paper)

Thibaud Mérien; Xavier Bellekens; David  Brosset; Christophe  Claramunt

doi:10.1145/3274895.3274921

A spatio-temporal entropy-based approach for the analysis of cyber attacks (demo paper)

Thibaud Mérien, Xavier Bellekens, David Brosset, Christophe Claramunt

SDI - Cyber Security

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

1 Citation (Scopus)

94 Downloads (Pure)

Abstract

Computer networks are ubiquitous systems growing exponentially with a predicted 50 billion devices connected by 2050. This dramatically increases the potential attack surface of Internet networks. A key issue in cyber defense is to detect, categorize and identify these attacks, the way they are propagated and their potential impacts on the systems affected. The research presented in this paper models cyber attacks at large by considering the Internet as a complex system in which attacks are propagated over a network. We model an attack as a path from a source to a target, and where each attack is categorized according to its intention. We setup an experimental testbed with the concept of honeypot that evaluates the spatiotemporal distribution of these Internet attacks. The preliminary results show a series of patterns in space and time that illustrate the potential of the approach, and how cyber attacks can be categorized according to the concept and measure of entropy.

Original language	English
Title of host publication	Proceedings of the 26th ACM SIGSPATIAL International Conference on Advances in Geographic Information Systems
Place of Publication	Seattle, Washington
Publisher	Association for Computing Machinery (ACM)
Pages	564-567
Number of pages	4
ISBN (Electronic)	9781450358897
DOIs	https://doi.org/10.1145/3274895.3274921
Publication status	Published - 6 Nov 2018
Event	26th ACM SIGSPATIAL: International Conference on Advances in Geographic Information Systems - Seattle, United States Duration: 6 Nov 2018 → 9 Nov 2018 http://sigspatial2018.sigspatial.org/

Conference

Conference	26th ACM SIGSPATIAL
Abbreviated title	ACM SIGSPATIAL 2018
Country	United States
City	Seattle
Period	6/11/18 → 9/11/18
Internet address	http://sigspatial2018.sigspatial.org/

Access to Document

10.1145/3274895.3274921

Bellekens_A_Spatio_temporal_Entropy_based_Approach_Accepted_2018Accepted author manuscript, 3.54 MB

Fingerprint Dive into the research topics of 'A spatio-temporal entropy-based approach for the analysis of cyber attacks (demo paper)'. Together they form a unique fingerprint.

Cite this

Mérien, T., Bellekens, X., Brosset, D., & Claramunt, C. (2018). A spatio-temporal entropy-based approach for the analysis of cyber attacks (demo paper). In Proceedings of the 26th ACM SIGSPATIAL International Conference on Advances in Geographic Information Systems (pp. 564-567). Association for Computing Machinery (ACM). https://doi.org/10.1145/3274895.3274921

@inproceedings{3feddd3f2dfc47b0bd89d5b293fc81e2,

title = "A spatio-temporal entropy-based approach for the analysis of cyber attacks (demo paper)",

abstract = "Computer networks are ubiquitous systems growing exponentially with a predicted 50 billion devices connected by 2050. This dramatically increases the potential attack surface of Internet networks. A key issue in cyber defense is to detect, categorize and identify these attacks, the way they are propagated and their potential impacts on the systems affected. The research presented in this paper models cyber attacks at large by considering the Internet as a complex system in which attacks are propagated over a network. We model an attack as a path from a source to a target, and where each attack is categorized according to its intention. We setup an experimental testbed with the concept of honeypot that evaluates the spatiotemporal distribution of these Internet attacks. The preliminary results show a series of patterns in space and time that illustrate the potential of the approach, and how cyber attacks can be categorized according to the concept and measure of entropy.",

author = "Thibaud M{\'e}rien and Xavier Bellekens and David Brosset and Christophe Claramunt",

year = "2018",

month = nov,

day = "6",

doi = "10.1145/3274895.3274921",

language = "English",

pages = "564--567",

booktitle = "Proceedings of the 26th ACM SIGSPATIAL International Conference on Advances in Geographic Information Systems",

publisher = "Association for Computing Machinery (ACM)",

address = "United States",

note = "26th ACM SIGSPATIAL : International Conference on Advances in Geographic Information Systems, ACM SIGSPATIAL 2018 ; Conference date: 06-11-2018 Through 09-11-2018",

url = "http://sigspatial2018.sigspatial.org/",

}

Mérien, T, Bellekens, X, Brosset, D & Claramunt, C 2018, A spatio-temporal entropy-based approach for the analysis of cyber attacks (demo paper). in Proceedings of the 26th ACM SIGSPATIAL International Conference on Advances in Geographic Information Systems. Association for Computing Machinery (ACM), Seattle, Washington, pp. 564-567, 26th ACM SIGSPATIAL, Seattle, United States, 6/11/18. https://doi.org/10.1145/3274895.3274921

A spatio-temporal entropy-based approach for the analysis of cyber attacks (demo paper). / Mérien, Thibaud; Bellekens, Xavier; Brosset, David ; Claramunt, Christophe .

Proceedings of the 26th ACM SIGSPATIAL International Conference on Advances in Geographic Information Systems. Seattle, Washington : Association for Computing Machinery (ACM), 2018. p. 564-567.

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

TY - GEN

T1 - A spatio-temporal entropy-based approach for the analysis of cyber attacks (demo paper)

AU - Mérien, Thibaud

AU - Bellekens, Xavier

AU - Brosset, David

AU - Claramunt, Christophe

PY - 2018/11/6

Y1 - 2018/11/6

N2 - Computer networks are ubiquitous systems growing exponentially with a predicted 50 billion devices connected by 2050. This dramatically increases the potential attack surface of Internet networks. A key issue in cyber defense is to detect, categorize and identify these attacks, the way they are propagated and their potential impacts on the systems affected. The research presented in this paper models cyber attacks at large by considering the Internet as a complex system in which attacks are propagated over a network. We model an attack as a path from a source to a target, and where each attack is categorized according to its intention. We setup an experimental testbed with the concept of honeypot that evaluates the spatiotemporal distribution of these Internet attacks. The preliminary results show a series of patterns in space and time that illustrate the potential of the approach, and how cyber attacks can be categorized according to the concept and measure of entropy.

AB - Computer networks are ubiquitous systems growing exponentially with a predicted 50 billion devices connected by 2050. This dramatically increases the potential attack surface of Internet networks. A key issue in cyber defense is to detect, categorize and identify these attacks, the way they are propagated and their potential impacts on the systems affected. The research presented in this paper models cyber attacks at large by considering the Internet as a complex system in which attacks are propagated over a network. We model an attack as a path from a source to a target, and where each attack is categorized according to its intention. We setup an experimental testbed with the concept of honeypot that evaluates the spatiotemporal distribution of these Internet attacks. The preliminary results show a series of patterns in space and time that illustrate the potential of the approach, and how cyber attacks can be categorized according to the concept and measure of entropy.

U2 - 10.1145/3274895.3274921

DO - 10.1145/3274895.3274921

M3 - Conference contribution

SP - 564

EP - 567

BT - Proceedings of the 26th ACM SIGSPATIAL International Conference on Advances in Geographic Information Systems

PB - Association for Computing Machinery (ACM)

CY - Seattle, Washington

T2 - 26th ACM SIGSPATIAL

Y2 - 6 November 2018 through 9 November 2018

ER -

Mérien T, Bellekens X, Brosset D, Claramunt C. A spatio-temporal entropy-based approach for the analysis of cyber attacks (demo paper). In Proceedings of the 26th ACM SIGSPATIAL International Conference on Advances in Geographic Information Systems. Seattle, Washington: Association for Computing Machinery (ACM). 2018. p. 564-567 https://doi.org/10.1145/3274895.3274921