<<BACK
Prophet
The Prophet project, part of the Intrusion Detection Systems Lab, is aiming to generate attacker profiles automatically based on statistical information of the attacker behaviors. The ultimate goal would be to be able to predict an attack based on the profiles that we build and as a consequence to be able to block them in time.
We define an Attacker Profile as a set of attackers with similar malicious behavior. The profile is built based on the following features:
  • source IP
  • destination port
  • timestamps of the attacks or scans
  • content of the attacking packets or information about the content
  • type of the attacked sites (academic, commercial etc.)
  • maybe geography too
The collection of features that we use is provided by the Worminator data giving the opportunity of building models on aggregated data extracted from multiple sites.
Sponsor: