Analysis of Cyber Attacks Using Honeypot

Abstract

In the cybersecurity world, the concept of a honeypot is generally referred to as trap systems that have real system behaviors, intentionally leave a security gap, and aim to collect information about cybercriminals who want to access them. It is a computer system that sets itself as a target to attract cyberattacks like bait. It is used to imitate a target such as cyberattackers and to learn about attack attempts, ways of working, or to distract them from other targets. In this study, a VoIP-based honeypot was used to determine the profiles of cyberattacks and attackers. A network environment was created using a low-interaction honeypot to analyze the behavior of cyberattackers and identify the services frequently preferred by these individuals. The honeypot in the network environment was monitored for a period of 90 days. 105,308 events were collected regarding protocols such as Telnet, SIP, SSH, SMB, and HTTP. There was no complex malware attack on the observed system. The service that was most attacked was determined to be Telnet. It was determined that many attacks occurred from the same IP address, indicating that automatic scanning tools were used. According to the results obtained, the proposed method performed a detailed analysis of the services from which cyberattacks came and the behaviors of the people who carried out these attacks. In addition, the highest level of understanding of user interaction was achieved thanks to the VoIP-based honeypot.

Keywords

• Honeypot
• Cyberattack
• SIP
• SMB
• SSH

References

1. Abdulqadder IH, Zou D, Aziz IT. 2023. The dag blockchain: a secure edge assisted honeypot for attack detection and multi-controller based load balancing in sdn 5g. Future Gener Comput Syst, 141: 339-354.
2. Ackerman P. 2020. Modern cybersecurity practices: exploring and implementing agile cybersecurity frameworks and strategies for your organization. BPB Publications, Delhi, India, pp: 243.
3. Adiou ML, Benzaïd C, Taleb T. 2022. Topotrust: a blockchain-based trustless and secure topology discovery in sdns. International Wireless Communications and Mobile Computing (IWCMC), May 30- June 03, Dubrovnik, Croatia, pp: 1107–1112.
4. Agarwal Y. 2022. Apache Log4j Logging Framework and Its Vulnerability. MSc Thesis, Metropolia University of Applied Sciences, Department of Information Technology, Metropolia, Finland, pp: 67.
5. Akiyama M, Yagi T, Hariu T, Kadobayashi Y. 2018. Honeycirculator: distributing credential honeytoken for introspection of web-based attack cycle. Int J Info Secur, 17(2): 135-151.
6. Altunay HC, Albayrak Z, Çakmak M. 2024. Autoencoder-based intrusion detection in critical infrastructures. Curr Trends Comput, 2(1): 1-12.
7. Bartwal U, Mukhopadhyay S, Negi R, Shukla S. 2022. Security orchestration, automation, and response engine for deployment of behavioural honeypots. IEEE Conference on Dependable and Secure Computing (DSC), June 22-24, Edinburgh, UK, pp: 1-8.
8. Bringer ML, Chelmecki CA, Fujinoki H. 2012. A survey: Recent advances and future trends in honeypot research. Int J Comput Network Info Secur, 4(10): 63.

9. Carmo R, Nassar M, Festor O. 2011. Artemisa: an open-source honeypot back-end to support security in VoIP domains. 12th IFIP/IEEE International Symposium on Integrated Network Management, May 23-27, Dublin, Ireland, pp: 361-368.
10. Conti M, Trolese F, Turrin F. 2022. Icspot: A high-interaction honeypot for industrial control systems. International Symposium on Networks, Computers and Communications (ISNCC), July 19-22, Shenzhen, China, pp: 1-4.
11. Dai B, Zhang Z, Wang L, Liu Y. 2021. APT Attack heuristic induction honeypot platform based on snort and open flow. International Conference on Smart Computing and Communication, December 29-31, New York, US, pp: 340-351.
12. Djap R, Lim C, Silaen KE, Yusuf A. 2021. Xb-pot: Revealing honeypot-based attacker’s behaviors. 9th International Conference on Information and Communication Technology (ICoICT), August 3-5, Virtual, pp: 550-555.
13. Franco J, Aris A, Canberk B, Uluagac A S. 2021. A survey of honeypots and honeynets for internet of things, industrial internet of things, and cyber-physical systems. IEEE Commun Surv Tutor, 23(4): 2351-2383.
14. Gruber M, Fankhauser F, Taber S, Schanes C, Grechenig T. 2011. Security status of VoIP based on the observation of real-world attacks on a honeynet, IEEE International Conference on Privacy, Security, Risk and Trust, October 9-11, Boston, US, pp: 1041-1047.
15. Hoffstadt D, Marold AE, Rathgeb E. 2012. Analysis of SIP-based threats using a VoIP honeynet system. IEEE 11th International Conference on Trust, Security and Privacy in Computing and Communications, June 25-27, Liverpool, UK, pp: 541-548.
16. Javadpour A, Ja'fari F, Taleb T, Shojafar M, Benzaïd C. 2024. A comprehensive survey on cyber deception techniques to improve honeypot performance. Comput Secur, 140: 103792.
17. Lanka P, Gupta K, Varol C. 2024. Intelligent threat detection—AI-driven analysis of honeypot data to counter cyber threats. Electronics, 13(13): 2465.
18. Nassar M, Niccolini, S, State R, Ewald T. 2007. Holistic VoIP intrusion detection and prevention system. The 1st International Conference on Principles, Systems and Applications of IP Telecommunications, July 19-20, New York, US, pp: 1-9.
19. Østvang ME, Houmb SH. 2019. Honeypot technology in a business perspective. Ring, M., Wunderlich, S., Grüdl, D., Landes, D., & Hotho, A. (2017). A toolset for intrusion and insider threat detection. Data Analyt Decis Sup Cybersecur, 2019: 3-31.
20. Provos N, Holz T. 2007. Virtual honeypots: From botnet tracking to intrusion detection, Addison-Wesley Professional, Boston, US, pp: 440.
21. Rashid SZU, Haq A, Hasan ST, Furhad MH, Ahmed M, Ullah AB. 2024. Faking smart industry: exploring cyber-threat landscape deploying cloud-based honeypot. Wireless Networks, 30(5): 4527-4541.
22. Safarik J, Voznak M, Rezac F, Partila P, Tomala K. 2013. Automatic analysis of attack data from distributed honeypot network. Mobile Multimedia/Image Process Secur Appl, 2013: 8755.
23. Spahn N, Hanke N, Holz T, Kruegel C, Vigna G. 2023. Container Orchestration Honeypot: Observing Attacks in the Wild. 26th International Symposium on Research in Attacks, Intrusions and Defenses, October 16-18, Hong Kong, pp: 381-396.
24. Spitzner L. 2003. The honeynet project: Trapping the hackers. Secur Privacy Magaz, 1(2): 15-23.
25. Srinivasa S, Pedersen MJ, Vasilomanolakis E. 2022. Interaction matters: a comprehensive analysis and a dataset of hybrid IoT/OT honeypots. 38th Annual Computer Security Applications Conference, December 5-9, New York, US, pp: 742-755.
26. Valli C. 2010. An analysis of malfeasant activity directed at a VoIP honeypot. The 8th Australian Digital Forensics Conference, November 30, Perth, Australia, pp: 168-174.
27. Wang W, Liew SC, Li VO. 2005. Solutions to performance problems in VoIP over a 802.11 wireless LAN. IEEE Transact Vehicular Technol, 54(1): 366-384.
28. Zhu H, Liu M, Chen B, Che X, Cheng P, Deng R. 2024. HoneyJudge: A PLC Honeypot Identification Framework Based on Device Memory Testing. IEEE Transact Info Forens Secur, 19: 6028-6043.