Distributed and highly-scalable WAN network attack sensing and sophisticated analysing framework based on Honeypot technology
Title | Distributed and highly-scalable WAN network attack sensing and sophisticated analysing framework based on Honeypot technology |
Publication Type | Conference Paper |
Year of Publication | 2017 |
Authors | Fraunholz, D., Zimmermann, M., Anton, S. D., Schneider, J., Schotten, H. Dieter |
Conference Name | 2017 7th International Conference on Cloud Computing, Data Science Engineering - Confluence |
ISBN Number | 978-1-5090-3519-9 |
Keywords | attack efficiency, Attack Visualization, Big Data, Botnet, botnets, brute-force login attacks, compositionality, Computer architecture, computer network security, cyber security, Data visualization, Databases, Dictionaries, distributed highly-scalable WAN honeypot network attack sensing, honeypot, honeypot technology, Internet of Things, invasive software, IoT enabled devices, IP networks, large scale DDoS attacks, Metrics, Network security, Protocols, pubcrawl, Resiliency, security, threat intelligence, wide area networks |
Abstract | Recently, the increase of interconnectivity has led to a rising number of IoT-enabled devices in botnets. Such botnets are currently used for large-scale DDoS attacks. To keep track of these malicious activities, Honeypots have proven to be a vital tool. We developed and set up a distributed and highly-scalable WAN Honeypot with an attached backend infrastructure for sophisticated processing of the gathered data. For the processed data to be understandable, we designed a graphical frontend that displays all relevant information that has been obtained from the data. We group attacks originating in a short period of time in one source as sessions. This enriches the data and enables a more in-depth analysis. We produced common statistics like usernames, passwords, username/password combinations, password lengths, originating country and more. From the information gathered, we were able to identify common dictionaries used for brute-force login attacks and other more sophisticated statistics like login attempts per session and attack efficiency. |
URL | https://ieeexplore.ieee.org/document/7943186/ |
DOI | 10.1109/CONFLUENCE.2017.7943186 |
Citation Key | fraunholz_distributed_2017 |