Abstract
In this paper we present the results of Honeypot deployment in broadband networks. The objective is to capture and characterize the attacks targeting broadband networks. To capture these attacks we have identified six different Honeypot deployment scenarios for broadband networks. These deployment scenarios are categorized based on their network requirements, their effect on the underlying networks and the type of data captured.
To demonstrate the effectiveness of Honeypot deployment in broadband networks we have implemented one of the most common scenarios, which emulates an IoT device (an ADSL router). The details of the attack data captured using the Honeypot emulating the IoT device, along with the detailed analysis results, are presented in this paper.
Copyright information
© 2016 Springer International Publishing AG
About this paper
Cite this paper
Chamotra, S., Sehgal, R.K., Ror, S., Singh, B. (2016). Honeypot Deployment in Broadband Networks. In: Ray, I., Gaur, M., Conti, M., Sanghi, D., Kamakoti, V. (eds) Information Systems Security. ICISS 2016. Lecture Notes in Computer Science, vol 10063. Springer, Cham. https://doi.org/10.1007/978-3-319-49806-5_27
DOI: https://doi.org/10.1007/978-3-319-49806-5_27
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-49805-8
Online ISBN: 978-3-319-49806-5
eBook Packages: Computer Science, Computer Science (R0)