Visible to the public SSH and Telnet Protocols Attack Analysis Using Honeypot Technique : *Analysis of SSH AND ℡NET Honeypot

TitleSSH and Telnet Protocols Attack Analysis Using Honeypot Technique : *Analysis of SSH AND ℡NET Honeypot
Publication TypeConference Paper
Year of Publication2021
AuthorsBa\c ser, Melike, Güven, Ebu Yusuf, Aydın, Muhammed Ali
Conference Name2021 6th International Conference on Computer Science and Engineering (UBMK)
Keywordscomposability, Cowrie, cyber attack, defense, honeypot, Information security, IP networks, Metrics, Particle measurements, Protocols, pubcrawl, resilience, Resiliency, risk management, Safety, SSH, ℡NET, Tools, Zero day attacks
AbstractGenerally, the defense measures taken against new cyber-attack methods are insufficient for cybersecurity risk management. Contrary to classical attack methods, the existence of undiscovered attack types called' zero-day attacks' can invalidate the actions taken. It is possible with honeypot systems to implement new security measures by recording the attacker's behavior. The purpose of the honeypot is to learn about the methods and tools used by the attacker or malicious activity. In particular, it allows us to discover zero-day attack types and develop new defense methods for them. Attackers have made protocols such as SSH (Secure Shell) and Telnet, which are widely used for remote access to devices, primary targets. In this study, SSHTelnet honeypot was established using Cowrie software. Attackers attempted to connect, and attackers record their activity after providing access. These collected attacker log records and files uploaded to the system are published on Github to other researchers1. We shared the observations and analysis results of attacks on SSH and Telnet protocols with honeypot.
DOI10.1109/UBMK52708.2021.9558948
Citation Keybaser_ssh_2021