Practical Problems of Internet Threats Analyses

  • Krzysztof CabajEmail author
  • Konrad Grochowski
  • Piotr Gawkowski
Part of the Advances in Intelligent Systems and Computing book series (AISC, volume 365)


As the functional complexity of the malicious software increases, their analyses faces new problems. The paper presents these aspects in the context of automatic analyses of Internet threats observed with the HoneyPot technology. The problems were identified based on the experience gained from the analyses of exploits and malware using the dedicated infrastructure deployed in the network of the Institute of Computer Science at Warsaw University of Technology. They are discussed on the background of the real-life case of a recent worm targeting Network Attached Storage (NAS) devices vulnerability. The paper describes the methodology and data analysis supporting systems as well as the concept of general and custom HoneyPots used in the research.


Network Security HoneyPot Systems Network Attacks Exploits Malware 


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Akamai Releases Third Quarter, 2013 ’State of the Internet’ Report, (access date: January 2015)
  2. 2.
    Nazimek, P., Sosnowski, J., Gawkowski, P.: Checking fault susceptibility of cryptographic algorithms. Pomiary-Automatyka-Kontrola (10), 827–830 (2009)Google Scholar
  3. 3.
    Sosnowski, J., Gawkowski, P., Cabaj, K.: Exploring the Space of System Monitoring. In: Bembenik, R., Skonieczny, Ł., Rybiński, H., Kryszkiewicz, M., Niezgódka, M. (eds.) Intell. Tools for Building a Scientific Information. SCI, vol. 467, pp. 501–517. Springer, Heidelberg (2013)CrossRefGoogle Scholar
  4. 4.
    Provos, N., Holz, T.: Virtual Honeypots: From Botnet Tracking to Intrusion Detection. Addison-Wesley Professional (2007)Google Scholar
  5. 5.
    Bringer, M.L., Chelmecki, C.A., Fujinoki, H.: A Survey: Recent Advances and Future Trends in Honeypot Research. I. J. Computer Network and Information Security 10, 63–75 (2012)CrossRefGoogle Scholar
  6. 6.
    Bodenheim, R., Butts, J., Dunlap, S., Mullins, B.: Evaluation of the ability of the Shodan search engine to identify Internet-facing industrial control devices. International Journal of Critical Infrastructure Protection 7(2), 114–123 (2014)CrossRefGoogle Scholar
  7. 7.
    Anderson, R.J.: Security Engineering: A Guide to Building Dependable Distributed Systems. John Wiley & Sons, Inc., New York (2001)Google Scholar
  8. 8.
    Cabaj, K., Gawkowski, P.: HoneyPot systems in practice. Przeglad Elektrotechniczny, Sigma NOT 91(2), 63–67 (2015), doi:10.15199/48.2015.02.16Google Scholar
  9. 9.
    Ullrich, J.: Update on CVE-2014-6271: Vulnerability in bash (shellshock) InfoSec Handlers Diary Blog, (access data: January 2015)
  10. 10.
    Cabaj, K., Denis, M., Buda, M.: Management and Analytical Software for Data Gathered from HoneyPot System. Information Systems in Management 2, 182–193 (2013)Google Scholar
  11. 11.
    Cabaj, K.: Visualization As Support For Data Analysis. To appear in Information Systems in ManagementGoogle Scholar
  12. 12.
    Koetter M.: libemu: Detecting selfencrypted shellcode in network streams. The Honeynet Project (access date: January 2015)Google Scholar
  13. 13.
    Baecher, P., Koetter, M., Holz, T., Dornseif, M., Freiling, F.: The nepenthes platform: An efficient approach to collect malware. In: Zamboni, D., Kruegel, C. (eds.) RAID 2006. LNCS, vol. 4219, pp. 165–184. Springer, Heidelberg (2006)CrossRefGoogle Scholar
  14. 14.
    Xu, M., Wu, L., Qi, S., Xu, J., Zhang, H., Ren, Y., Zheng, N.: A similarity metric method of obfuscated malware using function-call graph. Journal in Computer Virology Archive 9(1), 35–47 (2013)Google Scholar

Copyright information

© Springer International Publishing Switzerland 2015

Authors and Affiliations

  • Krzysztof Cabaj
    • 1
    Email author
  • Konrad Grochowski
    • 1
  • Piotr Gawkowski
    • 1
  1. 1.Institute of Computer ScienceWarsaw University of Technology (WUT)WarszawaPoland

Personalised recommendations