Analysis and Comparison of Honeypot Activities on Two ISP Networks

Devran Yener, Tansel Özyer, Emin Kugu
{"title":"Analysis and Comparison of Honeypot Activities on Two ISP Networks","authors":"Devran Yener, Tansel Özyer, Emin Kugu","doi":"10.1109/iisec54230.2021.9672371","DOIUrl":null,"url":null,"abstract":"While the enormous growth of cyberspace makes life easier, it also brings new challenges to overcome. The concept of the Internet of Things (IoT) is the main actor of this metamorphosis. They are spreading very quickly due to their advantages and cost-effective nature. These systems also cause risky situations by ignoring security requirements. By their nature, honeypots help us to understand and prevent malicious activities by the attackers. Although significant research has been completed by using honeypots, many of them have not evaluated the real-world scenarios, and some of them have covered only the cloud or a single network. Comparison between Internet Service Providers (ISPs) or cloud providers has been neglected. In our work, we try to fill this gap by positioning the Kippo honeypot behind two different ISP lines with some known IoT device credentials. We have collected Kippo logs for a fifteen-day period. The study shows us that all devices can be discovered by mass scan. Therefore, both ISP networks are at the same amount of risk from cyberattacks. Although there was no significant change in the number of attacks per day during the fifteen-day test period, it is quite high compared to previous studies. This comparison highlights the fact that protecting cyber assets is getting harder every year.","PeriodicalId":344273,"journal":{"name":"2021 2nd International Informatics and Software Engineering Conference (IISEC)","volume":"8 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2021-12-16","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"2021 2nd International Informatics and Software Engineering Conference (IISEC)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/iisec54230.2021.9672371","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
引用次数: 0

Abstract

While the enormous growth of cyberspace makes life easier, it also brings new challenges to overcome. The concept of the Internet of Things (IoT) is the main actor of this metamorphosis. They are spreading very quickly due to their advantages and cost-effective nature. These systems also cause risky situations by ignoring security requirements. By their nature, honeypots help us to understand and prevent malicious activities by the attackers. Although significant research has been completed by using honeypots, many of them have not evaluated the real-world scenarios, and some of them have covered only the cloud or a single network. Comparison between Internet Service Providers (ISPs) or cloud providers has been neglected. In our work, we try to fill this gap by positioning the Kippo honeypot behind two different ISP lines with some known IoT device credentials. We have collected Kippo logs for a fifteen-day period. The study shows us that all devices can be discovered by mass scan. Therefore, both ISP networks are at the same amount of risk from cyberattacks. Although there was no significant change in the number of attacks per day during the fifteen-day test period, it is quite high compared to previous studies. This comparison highlights the fact that protecting cyber assets is getting harder every year.
两个ISP网络的蜜罐活动分析与比较
网络空间的巨大增长使生活更加便利,但也带来了需要克服的新挑战。物联网(IoT)的概念是这一转变的主要参与者。由于它们的优势和成本效益,它们正在迅速传播。这些系统还会由于忽视安全需求而导致危险的情况。从本质上讲,蜜罐可以帮助我们理解和防止攻击者的恶意活动。尽管通过使用蜜罐已经完成了重要的研究,但其中许多研究并没有评估真实世界的场景,其中一些研究仅涵盖了云或单个网络。互联网服务提供商(isp)和云提供商之间的比较一直被忽视。在我们的工作中,我们试图通过将Kippo蜜罐定位在两条不同的ISP线路后面,并使用一些已知的物联网设备凭据来填补这一空白。我们收集了为期15天的Kippo日志。研究表明,所有设备都可以通过大规模扫描发现。因此,两家ISP网络面临的网络攻击风险是相同的。虽然在15天的测试期间,每天的攻击次数没有明显变化,但与以往的研究相比,这是相当高的。这一对比凸显了一个事实,即保护网络资产正变得越来越困难。
本文章由计算机程序翻译,如有差异,请以英文原文为准。
求助全文
约1分钟内获得全文 求助全文
来源期刊
自引率
0.00%
发文量
0
×
引用
GB/T 7714-2015
复制
MLA
复制
APA
复制
导出至
BibTeX EndNote RefMan NoteFirst NoteExpress
×
提示
您的信息不完整,为了账户安全,请先补充。
现在去补充
×
提示
您因"违规操作"
具体请查看互助需知
我知道了
×
提示
确定
请完成安全验证×
copy
已复制链接
快去分享给好友吧!
我知道了
右上角分享
点击右上角分享
0
联系我们:info@booksci.cn Book学术提供免费学术资源搜索服务,方便国内外学者检索中英文文献。致力于提供最便捷和优质的服务体验。 Copyright © 2023 布克学术 All rights reserved.
京ICP备2023020795号-1
ghs 京公网安备 11010802042870号
Book学术文献互助
Book学术文献互助群
群 号:481959085
Book学术官方微信