Stories from a Customized Honeypot for the IoT, ERICDATA Higher Education Knowledge Base
Title: Stories from a Customized Honeypot for the IoT
Parallel title: Stories from a Customized Honeypot for the IoT
Authors: Javier Carrillo-Mondejar, José Roldán-Gómez, Juan Manuel Castelo Gómez, Sergio Ruiz Villafranca, Guillermo Suarez-Tangil
English abstract

Since the inception of the Internet of Things (IoT), the security measures implemented on its devices have been too weak to ensure the appropriate protection of the data that they handle. Attracted by this, cybercriminals continuously seek out vulnerable units to control, leading to attacks spreading through networks and infecting a high number of devices. On top of that, while the IoT has evolved to provide a higher degree of security, the techniques used by attackers have done so as well, which has led to the need to continuously study the way in which these attacks are performed to gather significant knowledge for the development of the pertinent security measures. In view of this, we analyze the state of IoT attacks by developing a high-interaction honeypot for SSH and Telnet services that simulates a custom device with the ARM architecture. This study is carried out in two steps. Firstly, we analyze and classify the interaction between the attacker and the devices by clustering the commands that they sent in the compromised Telnet and SSH sessions. Secondly, we study the malware samples that are downloaded and executed in each session and classify them based on the sequence of system calls that they execute at runtime. In addition, apart from studying the active data generated by the attacker, we extract the information that is left behind after a connection with the honeypot by inspecting the metadata associated with it. In total, more than 1,578 malicious samples were collected after 9,926 unique IP addresses interacted with the system, with the most downloaded malware family being Hajime, with 70.5% of samples belonging to it, and also detecting others such as Mirai, Gafgyt, Dofloo and Xorddos.

 

Pages: 117-127
Keywords: Honeypot, Malware, IoT, Data analytics, Expert systems
Journal: Journal of Internet Technology
Issue: 202401 (25:1)
Publisher: Taiwan Academic Network Management Committee
DOI: 10.53106/160792642024012501010