SSH and Telnet Protocols Attack Analysis Using Honeypot Technique : *Analysis of SSH AND TELNET Honeypot

Melike Başer, Ebu Yusuf Güven, M. Aydin
Published in: 2021 6th International Conference on Computer Science and Engineering (UBMK), 2021-09-15
DOI: https://doi.org/10.1109/UBMK52708.2021.9558948
Citations: 4

Abstract

Generally, the defense measures taken against new cyber-attack methods are insufficient for cybersecurity risk management. In contrast to classical attack methods, the existence of undiscovered attack types, called "zero-day attacks", can invalidate the actions taken. Honeypot systems make it possible to implement new security measures by recording the attacker's behavior. The purpose of a honeypot is to learn about the methods and tools used by the attacker or malicious activity. In particular, it allows us to discover zero-day attack types and develop new defense methods for them. Attackers have made protocols such as SSH (Secure Shell) and Telnet, which are widely used for remote access to devices, primary targets. In this study, an SSH/Telnet honeypot was established using Cowrie software. Attackers attempted to connect, and their activity was recorded after access was provided. The collected attacker log records and the files uploaded to the system are published on GitHub for other researchers. We share the observations and analysis results of attacks on the SSH and Telnet protocols obtained with the honeypot.