IEEE Access (Jan 2020)

Exploring Shodan From the Perspective of Industrial Control Systems

  • Yongle Chen,
  • Xiaowei Lian,
  • Dan Yu,
  • Shichao Lv,
  • Shaochen Hao,
  • Yao Ma

DOI
https://doi.org/10.1109/ACCESS.2020.2988691
Journal volume & issue
Vol. 8
pp. 75359 – 75369

Abstract

Read online

As an essential component of the critical infrastructure, the Industrial Control System (ICS) is facing increasing cyber threats. The emergence of the Shodan search engine also magnified this threat. Since it can identify and index Internet-connected industrial control devices, the Shodan search engine has become a favorite toolkit for attackers and penetration testers. In this paper, we use honeypot technology to conduct a comprehensive exploring on Shodan search engine. We first deploy six distributed honeypot systems and collect three-month traffic data. For exploring Shodan, we design a hierarchical DFA-SVM recognition model to identify Shodan scans based on the function code and traffic feature, which is adapted to find the Shodan and Shodan-like scanners superior to the predominant method of reverse resolving IPs. Finally, we conduct an in-depth analysis for Shodan scans and evaluate the impact of Shodan on industrial control systems in terms of scanning time, scanning frequency, scanning port, region preferences, ICS protocol preferences and ICS protocol function code proportion. Accordingly, we provide some defensive measures to mitigate Shodan threat.

Keywords