nach oben

Erschienen in:

2017 | OriginalPaper | Buchkapitel

Behavioral Analysis of Bot Activity in Infected Systems Using Honeypots

verfasst von : Matej Zuzcak, Tomas Sochor

Erschienen in: Computer Networks

Verlag: Springer International Publishing

Einloggen

Aktivieren Sie unsere intelligente Suche, um passende Fachinhalte oder Patente zu finden.

search-config

KI-gestützte Suche

Aus

Abstract

New Internet threats emerge on daily basis and honeypots have become widely used for capturing them in order to investigate their activities. The paper focuses on a detailed analysis of the behavior of various attacks agains 7 Linux–based honeypots. The attacks were analyzed according to the threat type, session duration, AS, country and RIR of the attack origin. Clusters of similar objects were formed accordingly and certain typical attack patterns for potential detection automation as well as some aspects of threat dissemination were identified.

Sie haben noch keine Lizenz? Dann Informieren Sie sich jetzt über unsere Produkte:

Springer Professional "Wirtschaft+Technik"

Online-Abonnement

Mit Springer Professional "Wirtschaft+Technik" erhalten Sie Zugriff auf:

über 102.000 Bücher
über 537 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Finance + Banking
Management + Führung
Marketing + Vertrieb
Maschinenbau + Werkstoffe
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Springer Professional "Technik"

Online-Abonnement

Mit Springer Professional "Technik" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 390 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Maschinenbau + Werkstoffe

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Springer Professional "Wirtschaft"

Online-Abonnement

Mit Springer Professional "Wirtschaft" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 340 Zeitschriften

aus folgenden Fachgebieten:

Bauwesen + Immobilien
Business IT + Informatik
Finance + Banking
Management + Führung
Marketing + Vertrieb
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Vorheriges Kapitel Path Loss Model for a Wireless Sensor Network in Different Weather Conditions

Nächstes Kapitel Enhancements of Encryption Method Used in SDEx

Available at https://github.com/CZ-NIC/kippo.

https://csirt.cz.

Details about Kippo detection using the ps x command see in https://github.com/desaster/kippo/issues/39.

Possibilities of Kippo detection – see https://github.com/desaster/kippo/issues/190.

VirusTotal service – see http://virustotal.com/.

CSIRT = Computer Security Incident Response Team.

Constituency means a part of the Internet where the CSIRT operates as an authority.

Only files with identical SHA1 hash were considered identical.

Details are available at http://r-project.org.

The unknown category includes ASes with no RIR data available. Usually this is the case for private ASes. Details can be found in IETF RFC 6996 – Autonomous System (AS) Reservation for Private Use available at https://tools.ietf.org/html/rfc6996.

Details can be found in https://securingtomorrow.mcafee.com/consumer/family-safety/drive-by-download/.

http://blog.malwaremustdie.org/2016/10/mmd-0060-2016-linuxudpfker-and-chinaz.html.

According to Softpedia, see http://news.softpedia.com/news/mirai-ddos-trojan-is-the-next-big-threat-for-iot-devices-and-linux-servers-507964.shtml.

Sochor, T., Zuzcak, M.: Study of internet threats and attack methods using honeypots and honeynets. In: Kwiecień, A., Gaj, P., Stera, P. (eds.) CN 2014. CCIS, vol. 431, pp. 118–127. Springer, Cham (2014). doi:10.1007/978-3-319-07941-7_12 CrossRef

Sochor, T., Zuzcak, M.: Attractiveness study of honeypots and honeynets in internet threat detection. In: Gaj, P., Kwiecień, A., Stera, P. (eds.) CN 2015. CCIS, vol. 522, pp. 69–81. Springer, Cham (2015). doi:10.1007/978-3-319-19419-6_7 CrossRef

Almotairi, S., Clark, A., Mohay, G., Zimmermann, J.: Characterization of attackers’ activities in honeypot traffic using principal component analysis. In: 2008 Network and Parallel Computing, pp. 147–154. IEEE (2008). doi:10.1109/NPC.2008.82

Rieck, K., et al.: Automatic analysis of malware behavior using machine learning. J. Comput. Secur. 19(4), 639–668 (2011)CrossRef

Sokol, P., Andrejko, M.: Deploying honeypots and honeynets: issues of liability. In: Gaj, P., Kwiecień, A., Stera, P. (eds.) CN 2015. CCIS, vol. 522, pp. 92–101. Springer, Cham (2015). doi:10.1007/978-3-319-19419-6_9 CrossRef

Skrzewski, M.: About the efficiency of malware monitoring via server-side honeypots. In: Gaj, P., Kwiecień, A., Stera, P. (eds.) CN 2016. CCIS, vol. 608, pp. 132–140. Springer, Cham (2016). doi:10.1007/978-3-319-39207-3_12

Skrzewski, M.: System network activity monitoring for malware threats detection. In: Kwiecień, A., Gaj, P., Stera, P. (eds.) CN 2014. CCIS, vol. 431, pp. 138–146. Springer, Cham (2014). doi:10.1007/978-3-319-07941-7_14 CrossRef

Savenko, O., Lysenko, S., Kryshchuk, A., Klots, Y.: Botnet detection technique for corporate area network. In: 2013 Intelligent Data Acquisition and Advanced Computing Systems (IDAACS), pp. 363–368. IEEE (2013). doi:10.1109/IDAACS.2013.6662707

Pomorova, O., Savenko, O., Lysenko, S., Kryshchuk, A., Bobrovnikova, K.: A technique for the botnet detection based on DNS-traffic analysis. In: Gaj, P., Kwiecień, A., Stera, P. (eds.) CN 2015. CCIS, vol. 522, pp. 127–138. Springer, Cham (2015). doi:10.1007/978-3-319-19419-6_12 CrossRef

10.

Sochor, T., Zuzcak, M., Bujok, P.: Statistical analysis of attacking autonomous systems. In: International Conference on Cyber Security and Protection of Digital Services, pp. 1–6. IEEE (2016). doi:10.1109/ICUFN.2016.7537159

11.

Spitzner, L.: Honeypots: Tracking Hackers, vol. 1. Addison-Wesley, Reading (2003)

12.

Fichet, B.: Distances and Euclidean distances for presence-absence characters and their application to factor analysis. In: Proceedings of a Workshop Multidimensional Data Analysis 1985, pp. 23–46. DSWO Press, Cambridge (1986)

13.

Jaccard, P.: Etude Comparative de la Distribution dans une Portion des Alpes et du Jura. Bulletin de la Societe Vaudoise des Sciences Naturelle 4 (1901)

14.

Guha, S., Rastogi, R., Shim, K.: ROCK: a robust clustering algorithm for categorical attributes. In: Proceedings of the 15th International Conference on Data Engineering (Cat. No. 99CB36337), pp. 512–521. IEEE (1999). doi:10.1109/ICDE.1999.754967

15.

Koyuturk, M., Grama, A., Ramakrishnan, N.: Compression, clustering, and pattern discovery in very high-dimensional discrete-attribute data sets. IEEE Trans. Knowl. Data Eng. 17(4), 447–461 (2005). doi:10.1109/TKDE.2005.55. http://ieeexplore.ieee.org/document/1401886/

16.

Abdi H., Valentin D.: Multiple Correspondence Analysis. University of Texas at Dallas, Texas (2007). utdallas.edu, http://www.utdallas.edu/~herve/Abdi-MCA2007-pretty.pdf

17.

Jolliffe, I.T.: Principal component analysis and factor analysis. In: Principal Component Analysis. Springer Series in Statistics, pp. 150–166. Springer, New York (2002)

Titel: Behavioral Analysis of Bot Activity in Infected Systems Using Honeypots
verfasst von: Matej Zuzcak
Tomas Sochor
Verlag: Springer International Publishing
Buch: Computer Networks
Print ISBN: 978-3-319-59766-9

Electronic ISBN: 978-3-319-59767-6

Copyright-Jahr: 2017
DOI: https://doi.org/10.1007/978-3-319-59767-6_10

Springer Professional

Abstract

Bitte loggen Sie sich ein, um Zugang zu Ihrer Lizenz zu erhalten.

Sie haben noch keine Lizenz? Dann Informieren Sie sich jetzt über unsere Produkte:

Springer Professional "Wirtschaft+Technik"

Springer Professional "Technik"

Springer Professional "Wirtschaft"