Analysis of the Infection and the Injection Phases of the Telnet Botnets

With the number of Internet of Things devices increasing, the number of vulnerable devices connected to the Internet also increases. These devices can become part of botnets and cause damage to the Internet infrastructure. In this paper we study telnet botnets and their behaviour in the first two stages of their lifecycle: initial infection and secondary infection. The main objective of this paper is to determine specific attributes of their behaviour during these stages and to design a model for profiling threat agents into telnet botnet groups. We implemented a telnet honeynet and analyzed the collected data. We also applied clustering methods to security incident profiling, considering the K-modes and PAM clustering algorithms. We found that the number of sessions and credential guessing are easily collected and usable attributes for threat agent profiling.
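As an added illustration, not code from the paper, the following runs a minimal K-modes clustering over constructed honeynet profiles built from the attributes the abstract names (session count, credential guessing) plus a login outcome; the source names, attribute values and the farthest-first seeding are assumptions, since the paper's data and seeding are not given here.

```python
from collections import Counter

# Constructed honeynet profiles (not from the paper): one record per
# source address, with a bucketed session count, the observed
# credential-guessing behaviour and whether any login succeeded.
SESSIONS = {
    "src-A": ("many", "default_list", "no"),
    "src-B": ("many", "default_list", "no"),
    "src-C": ("many", "default_list", "yes"),
    "src-D": ("single", "none", "no"),
    "src-E": ("single", "none", "no"),
    "src-F": ("few", "single_pair", "yes"),
    "src-G": ("few", "single_pair", "yes"),
}


def hamming(a, b):
    """Simple-matching dissimilarity used by K-modes: number of differing attributes."""
    return sum(x != y for x, y in zip(a, b))


def initial_modes(records, k):
    """Deterministic farthest-first seeding (an assumption; the paper's seeding is not stated)."""
    modes = [records[0]]
    while len(modes) < k:
        modes.append(max(records, key=lambda r: min(hamming(r, m) for m in modes)))
    return modes


def kmodes(profiles, k, max_iter=100):
    """Cluster categorical profiles; returns ({source: cluster_id}, final modes)."""
    names = list(profiles)
    records = [profiles[n] for n in names]
    modes = initial_modes(records, k)
    labels = None
    for _ in range(max_iter):
        # Assign every record to the mode with the fewest mismatching attributes.
        new_labels = [min(range(k), key=lambda j: hamming(r, modes[j])) for r in records]
        if new_labels == labels:
            break  # assignments stable: converged
        labels = new_labels
        # Recompute each mode as the per-attribute most frequent value of its members.
        for j in range(k):
            members = [r for r, lab in zip(records, labels) if lab == j]
            if members:
                modes[j] = tuple(Counter(col).most_common(1)[0][0] for col in zip(*members))
    return dict(zip(names, labels)), modes


if __name__ == "__main__":
    groups, final_modes = kmodes(SESSIONS, 3)
    for src, cid in groups.items():
        print(src, "->", cid, final_modes[cid])
```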
