Volume 25 / Issue 11

DOI:   10.3217/jucs-025-11-1417

 

Analysis of the Infection and the Injection Phases of the Telnet Botnets

Tomáš Bajtoš (Pavol Jozef Šafárik University, Slovakia)

Pavol Sokol (Pavol Jozef Šafárik University, Slovakia)

Andrej Gajdoš (Pavol Jozef Šafárik University, Slovakia)

Katarína Lučivjanská (Pavol Jozef Šafárik University, Slovakia)

Terézia Mézešová (Pavol Jozef Šafárik University, Slovakia)

Abstract: As the number of Internet of Things devices increases, so does the number of vulnerable devices connected to the Internet. These devices can become part of botnets and cause damage to the Internet infrastructure. In this paper we study telnet botnets and their behavior in the first two stages of their lifecycle: initial infection and secondary infection. The main objective of this paper is to determine specific attributes of their behavior during these stages and to design a model for profiling threat agents into telnet botnet groups. We implemented a telnet honeynet and analyzed the collected data. We also applied clustering methods for security incident profiling, considering the K-modes and PAM clustering algorithms. We found out that a number of sessions and credential guessing are easily collected and usable attributes for threat agent profiling.

Keywords: clustering, profiling, security, telnet honeypot, threat agent

Categories: D.4.6, I.5.3, K.6.5