Analysing Attackers and Intrusions on a High-Interaction Honeypot System

Cited by: 2
Authors
Knoechel, Mandy [1]
Wefel, Sandro [1]
Affiliations
[1] Martin Luther Univ Halle Wittenberg, Inst Comp Sci, Halle, Saale, Germany
Source
2022 27TH ASIA PACIFIC CONFERENCE ON COMMUNICATIONS (APCC 2022): CREATING INNOVATIVE COMMUNICATION TECHNOLOGIES FOR POST-PANDEMIC ERA | 2022
Keywords
Security; Honeypot; Malware; SSH
DOI
10.1109/APCC55198.2022.9943718
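Chinese Library Classification number
TM [Electrical engineering]; TN [Electronic technology, communication technology]
Discipline classification code
0808; 0809
Abstract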
Attackers and malware are a major threat to the growing number of servers and devices on the internet. Therefore, it is essential to study characteristics of malicious activities which can be used to aid future security mechanisms in finding and preventing these threats. Honeypots are a powerful tool to get insight into current attack techniques, malware and botnets. In this paper, we present our findings from observing the behaviour of attackers on a high-interaction Linux honeypot. We focused on attacks targeting the SSH service and analysed all steps of the intrusions, starting from the initial dictionary attack and leading to the final intrusion executing commands or malware on the honeypot. Further, we present our approach on how to decrypt and analyse the encrypted network traffic.
Pages: 433 / 438
Number of pages: 6