Journal of Universal Computer Science (Nov 2019)

Analysis of the Infection and the Injection Phases of the Telnet Botnets

  • Tomáš Bajtoš,
  • Pavol Sokol,
  • Andrej Gajdoš,
  • Katarína Lučivjanská,
  • Terézia Mézešová

DOI
https://doi.org/10.3217/jucs-025-11-1417
Journal volume & issue
Vol. 25, no. 11
pp. 1417 – 1436

Abstract

Read online Read online Read online

With the number of Internet of Things devices increasing, also the number of vulnerable devices connected to the Internet increases. These devices can become part of botnets and cause damage to the Internet infrastructure. In this paper we study telnet botnets and their behaviour in the first two stages of its lifecycle - initial infection, and secondary infection. The main objective of this paper is to determine specific attributes of their behavior during these stages and design a model for profiling threat agents into telnet botnets groups. We implemented a telnet honeynet and analyzed collected data. Also, we applied clustering methods for security incident profiling. We consider K-modes and PAM clustering algorithms. We found out that a number of sessions and credential guessing are easily collected and United States of Americable attributes for threat agents profiling.

Keywords