I am writing a research paper on tracking attackers by analysing log =
files and tcp/ip network data as captured by IDS and other data capture =
If anyone has a UML honeypot that has data with ttylogs, please consider =
sending me the data. It is possible to use the ttylog data and =
comparing the timestamps of each keystroke to develop a biometric =
profile of an attacker/unauthorised user. Of couse when you combine the =
keystroke dynamics along with the attack used, the ip addresses, =
userdids, scripts, passwords and other items then we can begin to =
develop attack patterns.
I will give anyone that contributes recognition in my paper.