B0428
Title: Cluster analysis of hacker groups from terminal commands issued in honeypots
Authors: Nick Heard - Imperial College London (United Kingdom) [presenting]
Abstract: In computer security, a honeypot is a host located within a computer network designed to entice malicious intruders. From interactive sessions initiated by users engaging with a honeypot, we are able to harvest the commands they issued as well as other information about the session, such as timings, operating system and IP address. These session commands provide a rare insight into the operational modes of cyber attackers, such as their automated or interactive nature, their individual scripting styles and their overall objectives. The volume of traffic passing through a honeypot can be surprisingly high, and so automating the understanding of these sessions, classifying them and detecting new emerging styles together pose a challenging data science research problem.