TY - JOUR
T1 - Using honeypots to model botnet attacks on the internet of medical things
AU - Wang, Huanran
AU - He, Hui
AU - Zhang, Weizhe
AU - Liu, Wenmao
AU - Liu, Peng
AU - Javadpour, Amir
N1 - Funding Information:
This work was partly supported by the Key-Area Research and Development Program of Guangdong Province, China 2020B0101360001, the National Key Research and Development Program of China under Grant 2020YFB1406902, the Shenzhen Science and Technology Research and Development Foundation, China No. JCYJ20190806143418198, the National Natural Science Foundation of China (NSFC) (61872110), the Fundamental Research Funds for the Central Universities, China (Grant No. HIT.OCEF.2021007), and the Peng Cheng Laboratory Project, China (PCL2021A02). (Corresponding author: Hui He.)
Publisher Copyright:
© 2022 Elsevier Ltd
PY - 2022/9
Y1 - 2022/9
AB - Corona Virus Disease 2019 (COVID-19) has led to an increase in attacks targeting widespread smart devices. A vulnerable device can join multiple botnets simultaneously or sequentially. When different attack patterns are mixed with attack records, the security analyst produces an inaccurate report. There are numerous studies on botnet detection, but there is no publicly available solution to classify attack patterns based on the control periods. To fill this gap, we propose a novel data-driven method based on an intuitive hypothesis: bots tend to show time-related attack patterns within the same botnet control period. We deploy 462 honeypots in 22 countries to capture real-world attack activities and propose an algorithm to identify control periods. Experiments have demonstrated our method's efficacy. Besides, we present eight interesting findings that will help the security community better understand and fight botnet attacks now and in the future.
UR - http://www.scopus.com/inward/record.url?scp=85133885869&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=85133885869&partnerID=8YFLogxK
U2 - 10.1016/j.compeleceng.2022.108212
DO - 10.1016/j.compeleceng.2022.108212
M3 - Article
C2 - 35821875
AN - SCOPUS:85133885869
SN - 0045-7906
VL - 102
JO - Computers and Electrical Engineering
JF - Computers and Electrical Engineering
M1 - 108212
ER -