
Using honeypots to model botnet attacks on the internet of medical things

Corona Virus Disease 2019 (COVID-19) has led to an increase in attacks targeting widespread smart devices. A vulnerable device can join multiple botnets simultaneously or sequentially. When different attack patterns are mixed with attack records, the security analyst produces an inaccurate report. T...


Bibliographic Details
Main authors: Wang, Huanran, He, Hui, Zhang, Weizhe, Liu, Wenmao, Liu, Peng, Javadpour, Amir
Format: Online Article Text
Language: English
Published: Elsevier Ltd. 2022
Subjects:
Online access: https://www.ncbi.nlm.nih.gov/pmc/articles/PMC9264116/
https://www.ncbi.nlm.nih.gov/pubmed/35821875
http://dx.doi.org/10.1016/j.compeleceng.2022.108212
author Wang, Huanran
He, Hui
Zhang, Weizhe
Liu, Wenmao
Liu, Peng
Javadpour, Amir
collection PubMed
description Corona Virus Disease 2019 (COVID-19) has led to an increase in attacks targeting widespread smart devices. A vulnerable device can join multiple botnets simultaneously or sequentially. When different attack patterns are mixed with attack records, the security analyst produces an inaccurate report. There are numerous studies on botnet detection, but there is no publicly available solution to classify attack patterns based on the control periods. To fill this gap, we propose a novel data-driven method based on an intuitive hypothesis: bots tend to show time-related attack patterns within the same botnet control period. We deploy 462 honeypots in 22 countries to capture real-world attack activities and propose an algorithm to identify control periods. Experiments have demonstrated our method’s efficacy. Besides, we present eight interesting findings that will help the security community better understand and fight botnet attacks now and in the future.
format Online
Article
Text
id pubmed-9264116
institution National Center for Biotechnology Information
language English
publishDate 2022
publisher Elsevier Ltd.
record_format MEDLINE/PubMed
spelling pubmed-92641162022-07-08 Using honeypots to model botnet attacks on the internet of medical things() Wang, Huanran He, Hui Zhang, Weizhe Liu, Wenmao Liu, Peng Javadpour, Amir Comput Electr Eng Article Corona Virus Disease 2019 (COVID-19) has led to an increase in attacks targeting widespread smart devices. A vulnerable device can join multiple botnets simultaneously or sequentially. When different attack patterns are mixed with attack records, the security analyst produces an inaccurate report. There are numerous studies on botnet detection, but there is no publicly available solution to classify attack patterns based on the control periods. To fill this gap, we propose a novel data-driven method based on an intuitive hypothesis: bots tend to show time-related attack patterns within the same botnet control period. We deploy 462 honeypots in 22 countries to capture real-world attack activities and propose an algorithm to identify control periods. Experiments have demonstrated our method’s efficacy. Besides, we present eight interesting findings that will help the security community better understand and fight botnet attacks now and in the future. Elsevier Ltd. 2022-09 2022-07-08 /pmc/articles/PMC9264116/ /pubmed/35821875 http://dx.doi.org/10.1016/j.compeleceng.2022.108212 Text en © 2022 Elsevier Ltd. All rights reserved. Since January 2020 Elsevier has created a COVID-19 resource centre with free information in English and Mandarin on the novel coronavirus COVID-19. The COVID-19 resource centre is hosted on Elsevier Connect, the company's public news and information website. 
Elsevier hereby grants permission to make all its COVID-19-related research that is available on the COVID-19 resource centre - including this research content - immediately available in PubMed Central and other publicly funded repositories, such as the WHO COVID database with rights for unrestricted research re-use and analyses in any form or by any means with acknowledgement of the original source. These permissions are granted for free by Elsevier for as long as the COVID-19 resource centre remains active.
title Using honeypots to model botnet attacks on the internet of medical things()
topic Article
url https://www.ncbi.nlm.nih.gov/pmc/articles/PMC9264116/
https://www.ncbi.nlm.nih.gov/pubmed/35821875
http://dx.doi.org/10.1016/j.compeleceng.2022.108212