IEEE Access (Jan 2024)

I-RECON: An IoT-Based Search Engine for Internet-Facing Services Vulnerability Reconnaissance

  • Vahid Moghiss
  • Alireza Shameli-Sendi

DOI
https://doi.org/10.1109/ACCESS.2024.3425062
Journal volume & issue
Vol. 12
pp. 96100 – 96112

Abstract

One of the needs of an organization or a country with many and diverse services is to analyze the vulnerabilities of the services so that appropriate security measures can be implemented and deployed accordingly. Many search engines have been designed in the last two decades, which aim to collect the necessary information from services based on requested scans. Shodan and Censys are the most famous of these engines. In current search engines, users are not given the capability to engineer their searches by managing detailed and effective variables. This includes making adjustable variables related to scanning processes to intelligently extract the information requested by the user. Additionally, there is no facility to track errors that occur at different stages of scanning and information extraction, which is essential for identifying bottlenecks and adopting methods to address them. Moreover, these systems do not provide real-time identification services for controlling and managing cyber incidents according to specific ports and protocols requested by the user. They also fail to issue specific warnings that align with the policies of researchers and industrial owners. Furthermore, users are unable to define advanced queries to accurately extract information from existing big data using a variety of logical operators. These limitations underscore the need for more sophisticated and customizable search engine capabilities. The new strengths of the proposed engine, which is called I-Recon, are: 1) The ability to trace the reasons for the failure of a scan and notify the user, 2) Search on the collected information in the form of Aggregation search, which is a combination of queries. That is, the user will be able to search for various requests together, 3) The ability to set scanning parameters such as determining the range of IPs and scanning frequency, 4) The ability to adjust the rate of sending information according to the power of the scanning target so as not to disrupt the operation of the target services, and 5) Filtering metadata information at high speed. In the results section of this paper, in order to show the capabilities of the proposed engine, several scenarios such as the emergence and fixing of CVEs, the dispersion of web servers, the presence/absence of authentication in famous databases/data stores/protocols, and Cryptojacking/Ransomware detection in different geographical areas have been analyzed and investigated.