A spatio-temporal entropy-based approach for the analysis of cyber attacks (demo paper)

Thibaud Mérien, Xavier Bellekens, David Brosset, Christophe Claramunt

Research output: Chapter in Book/Report/Conference proceedingConference contribution

1 Citation (Scopus)
30 Downloads (Pure)

Abstract

Computer networks are ubiquitous systems growing exponentially with a predicted 50 billion devices connected by 2050. This dramatically increases the potential attack surface of Internet networks. A key issue in cyber defense is to detect, categorize and identify these attacks, the way they are propagated and their potential impacts on the systems affected. The research presented in this paper models cyber attacks at large by considering the Internet as a complex system in which attacks are propagated over a network. We model an attack as a path from a source to a target, and where each attack is categorized according to its intention. We setup an experimental testbed with the concept of honeypot that evaluates the spatiotemporal distribution of these Internet attacks. The preliminary results show a series of patterns in space and time that illustrate the potential of the approach, and how cyber attacks can be categorized according to the concept and measure of entropy.
Original languageEnglish
Title of host publicationProceedings of the 26th ACM SIGSPATIAL International Conference on Advances in Geographic Information Systems
Place of PublicationSeattle, Washington
PublisherAssociation for Computing Machinery (ACM)
Pages564-567
Number of pages4
ISBN (Electronic)9781450358897
DOIs
Publication statusPublished - 6 Nov 2018
Event26th ACM SIGSPATIAL: International Conference on Advances in Geographic Information Systems - Seattle, United States
Duration: 6 Nov 20189 Nov 2018
http://sigspatial2018.sigspatial.org/

Conference

Conference26th ACM SIGSPATIAL
Abbreviated titleACM SIGSPATIAL 2018
CountryUnited States
CitySeattle
Period6/11/189/11/18
Internet address

Fingerprint

Entropy
Internet
Computer networks
Testbeds
Large scale systems

Cite this

Mérien, T., Bellekens, X., Brosset, D., & Claramunt, C. (2018). A spatio-temporal entropy-based approach for the analysis of cyber attacks (demo paper). In Proceedings of the 26th ACM SIGSPATIAL International Conference on Advances in Geographic Information Systems (pp. 564-567). Seattle, Washington: Association for Computing Machinery (ACM). https://doi.org/10.1145/3274895.3274921
Mérien, Thibaud ; Bellekens, Xavier ; Brosset, David ; Claramunt, Christophe . / A spatio-temporal entropy-based approach for the analysis of cyber attacks (demo paper). Proceedings of the 26th ACM SIGSPATIAL International Conference on Advances in Geographic Information Systems. Seattle, Washington : Association for Computing Machinery (ACM), 2018. pp. 564-567
@inproceedings{3feddd3f2dfc47b0bd89d5b293fc81e2,
title = "A spatio-temporal entropy-based approach for the analysis of cyber attacks (demo paper)",
abstract = "Computer networks are ubiquitous systems growing exponentially with a predicted 50 billion devices connected by 2050. This dramatically increases the potential attack surface of Internet networks. A key issue in cyber defense is to detect, categorize and identify these attacks, the way they are propagated and their potential impacts on the systems affected. The research presented in this paper models cyber attacks at large by considering the Internet as a complex system in which attacks are propagated over a network. We model an attack as a path from a source to a target, and where each attack is categorized according to its intention. We setup an experimental testbed with the concept of honeypot that evaluates the spatiotemporal distribution of these Internet attacks. The preliminary results show a series of patterns in space and time that illustrate the potential of the approach, and how cyber attacks can be categorized according to the concept and measure of entropy.",
author = "Thibaud M{\'e}rien and Xavier Bellekens and David Brosset and Christophe Claramunt",
year = "2018",
month = "11",
day = "6",
doi = "10.1145/3274895.3274921",
language = "English",
pages = "564--567",
booktitle = "Proceedings of the 26th ACM SIGSPATIAL International Conference on Advances in Geographic Information Systems",
publisher = "Association for Computing Machinery (ACM)",
address = "United States",

}

Mérien, T, Bellekens, X, Brosset, D & Claramunt, C 2018, A spatio-temporal entropy-based approach for the analysis of cyber attacks (demo paper). in Proceedings of the 26th ACM SIGSPATIAL International Conference on Advances in Geographic Information Systems. Association for Computing Machinery (ACM), Seattle, Washington, pp. 564-567, 26th ACM SIGSPATIAL, Seattle, United States, 6/11/18. https://doi.org/10.1145/3274895.3274921

A spatio-temporal entropy-based approach for the analysis of cyber attacks (demo paper). / Mérien, Thibaud; Bellekens, Xavier; Brosset, David ; Claramunt, Christophe .

Proceedings of the 26th ACM SIGSPATIAL International Conference on Advances in Geographic Information Systems. Seattle, Washington : Association for Computing Machinery (ACM), 2018. p. 564-567.

Research output: Chapter in Book/Report/Conference proceedingConference contribution

TY - GEN

T1 - A spatio-temporal entropy-based approach for the analysis of cyber attacks (demo paper)

AU - Mérien, Thibaud

AU - Bellekens, Xavier

AU - Brosset, David

AU - Claramunt, Christophe

PY - 2018/11/6

Y1 - 2018/11/6

N2 - Computer networks are ubiquitous systems growing exponentially with a predicted 50 billion devices connected by 2050. This dramatically increases the potential attack surface of Internet networks. A key issue in cyber defense is to detect, categorize and identify these attacks, the way they are propagated and their potential impacts on the systems affected. The research presented in this paper models cyber attacks at large by considering the Internet as a complex system in which attacks are propagated over a network. We model an attack as a path from a source to a target, and where each attack is categorized according to its intention. We setup an experimental testbed with the concept of honeypot that evaluates the spatiotemporal distribution of these Internet attacks. The preliminary results show a series of patterns in space and time that illustrate the potential of the approach, and how cyber attacks can be categorized according to the concept and measure of entropy.

AB - Computer networks are ubiquitous systems growing exponentially with a predicted 50 billion devices connected by 2050. This dramatically increases the potential attack surface of Internet networks. A key issue in cyber defense is to detect, categorize and identify these attacks, the way they are propagated and their potential impacts on the systems affected. The research presented in this paper models cyber attacks at large by considering the Internet as a complex system in which attacks are propagated over a network. We model an attack as a path from a source to a target, and where each attack is categorized according to its intention. We setup an experimental testbed with the concept of honeypot that evaluates the spatiotemporal distribution of these Internet attacks. The preliminary results show a series of patterns in space and time that illustrate the potential of the approach, and how cyber attacks can be categorized according to the concept and measure of entropy.

U2 - 10.1145/3274895.3274921

DO - 10.1145/3274895.3274921

M3 - Conference contribution

SP - 564

EP - 567

BT - Proceedings of the 26th ACM SIGSPATIAL International Conference on Advances in Geographic Information Systems

PB - Association for Computing Machinery (ACM)

CY - Seattle, Washington

ER -

Mérien T, Bellekens X, Brosset D, Claramunt C. A spatio-temporal entropy-based approach for the analysis of cyber attacks (demo paper). In Proceedings of the 26th ACM SIGSPATIAL International Conference on Advances in Geographic Information Systems. Seattle, Washington: Association for Computing Machinery (ACM). 2018. p. 564-567 https://doi.org/10.1145/3274895.3274921