Abstract
The paper describes the approach, instruments, and their evolution over a prolonged investigation of data collected by a honeypot system. The data is focused on the network activity of a cybersecurity threat, in particular the attacks and activity, throughout the last five years, of bots belonging to the Smominru botnet. The analyses conducted include, but are not limited to, the IP addresses used during attacks, day-by-day activity, and the evolution of malicious executables distributed over the observation period. The presented results also contain a behavioural analysis of the threat and attack sources. Moreover, the paper details the systems used for data acquisition, the modifications made to them in response to observations, and all the tools developed to achieve the results.
Pages
1099--1104
Physical description
Bibliography: 9 items, tables, figures.
Authors
author
- Warsaw University of Technology
author
- Warsaw University of Technology
author
- Warsaw University of Technology
author
- Warsaw University of Technology
Bibliography
- [1] B. Cheswick, “An evening with berferd in which a cracker is lured, endured, and studied,” in Proc. Winter USENIX Conference, 1992, pp. 163-174.
- [2] I. Mokube and M. Adams, “Honeypots: concepts, approaches, and challenges,” in Proceedings of the 45th Annual ACM Southeast Conference, ser. ACMSE ’07. New York, NY, USA: Association for Computing Machinery, 2007, pp. 321-326. [Online]. Available: https://doi.org/10.1145/1233341.1233399
- [3] W. Ahmad, M. A. Raza, S. Nawaz, and F. Waqas, “Detection and analysis of active attacks using honeypot,” International Journal of Computer Applications, vol. 184, no. 50, pp. 27-31, Mar 2023. [Online]. Available: https://ijcaonline.org/archives/volume184/number50/32645-2023922624/
- [4] E. Vasilomanolakis, S. Karuppayah, P. Kikiras, and M. Mühlhäuser, “A honeypot-driven cyber incident monitor: lessons learned and steps ahead,” in Proceedings of the 8th International Conference on Security of Information and Networks, ser. SIN ’15. New York, NY, USA: Association for Computing Machinery, 2015, pp. 158-164. [Online]. Available: https://doi.org/10.1145/2799979.2799999
- [5] V. Sethia and A. Jeyasekar, “Malware capturing and analysis using dionaea honeypot,” in 2019 International Carnahan Conference on Security Technology (ICCST), 2019, pp. 1-4.
- [6] K. Saikawa and V. Klyuev, “Detection and classification of malicious access using a dionaea honeypot,” in 2019 10th IEEE International Conference on Intelligent Data Acquisition and Advanced Computing Systems: Technology and Applications (IDAACS), vol. 2, 2019, pp. 844-848.
- [7] C. Cimpanu, “Smominru botnet infected over 500,000 windows machines,” Bleeping Computer, vol. 1, 2018.
- [8] “The massive propagation of the smominru botnet,” https://www.akamai.com/blog/security/the-massive-propagation-of-the-smominru-botnet, accessed: 2024-10-10.
- [9] C. Coburn, “Sweetpotato - service to system,” Apr 2020. [Online]. Available: https://www.pentestpartners.com/security-blog/sweetpotato-service-to-system/
Notes
Record prepared with funds from MNiSW, agreement no. POPUL/SP/0154/2024/02, under the programme "Społeczna odpowiedzialność nauki II" - module: Popularisation of science (2025).
Document type
Bibliography
YADDA identifier
bwmeta1.element.baztech-eac5988e-42f3-46f2-8ec8-c30bbe706e03