DETECTING AND ANALYZING ATTACKS BASED ON COWRIE HONEYPOT LOGS AND SIGNATURES
Keywords:
Brute force attack, Cowrie Honeypot, Snort IDS, SSH authentication, Password security, Hackers, Intrusion Prevention System (IPS)
Abstract
Brute force attacks are still among the most widely used attacks for gaining unauthorized access to a computer system. Brute force is also considered the most dangerous attack, posing a great risk that control of the system will be lost. Investigating brute force attacks is useful for building strong computer network defense systems. In this study, Snort was used as the intrusion prevention system, and Cowrie Honeypot as the tool for examining the anomalies that appear when a brute force attack occurs. The aim of this study is to increase the effectiveness of Snort rule signatures against brute force attacks, based on the results of examining Cowrie Honeypot logs. According to the results obtained, the Snort rule signatures successfully improved detection capability and require a short run time to match the same packet: 3.5 microseconds for the Hydra attack, 3.8 microseconds for the Medusa attack, and 2.3 microseconds for the Ncrack attack.
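To illustrate the kind of log inspection the abstract describes, the following added example (not code from the study) reads Cowrie JSON events and reports sources whose failed SSH logins exceed a rate threshold, together with the client banner each source announced. The threshold, window, function names and sample events are assumptions constructed for illustration; the event IDs `cowrie.login.failed` and `cowrie.client.version` are Cowrie's own.

```python
import json
from collections import defaultdict, deque
from datetime import datetime, timedelta

def parse_ts(value):
    # Cowrie writes ISO 8601 UTC timestamps ending in "Z".
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%S.%fZ")

def detect_bruteforce(lines, threshold=5, window=timedelta(seconds=60)):
    """Return {src_ip: {"peak", "client", "users"}} for sources at or over threshold.
    Assumes each source's events arrive in chronological order, as Cowrie appends them."""
    recent = defaultdict(deque)   # src_ip -> failure times still inside the window
    peak = defaultdict(int)       # src_ip -> largest failure count seen in one window
    users = defaultdict(set)      # src_ip -> usernames tried
    client = {}                   # src_ip -> SSH client banner
    for line in lines:
        try:
            ev = json.loads(line)
        except json.JSONDecodeError:
            continue              # skip truncated or non-JSON lines
        ip, eid = ev.get("src_ip"), ev.get("eventid")
        if eid == "cowrie.client.version":
            client[ip] = ev.get("version")
        elif eid == "cowrie.login.failed":
            ts = parse_ts(ev["timestamp"])
            q = recent[ip]
            q.append(ts)
            while ts - q[0] > window:
                q.popleft()       # drop failures older than the window
            peak[ip] = max(peak[ip], len(q))
            users[ip].add(ev.get("username", ""))
    return {ip: {"peak": n, "client": client.get(ip), "users": sorted(users[ip])}
            for ip, n in peak.items() if n >= threshold}

def sample_log():
    # Constructed events: one source fails 6 logins in 10 s, another fails twice 5 min apart.
    rows = [{"eventid": "cowrie.client.version", "src_ip": "203.0.113.7",
             "version": "SSH-2.0-libssh_0.9.6", "timestamp": "2025-01-10T08:00:00.000000Z"}]
    for i in range(6):
        rows.append({"eventid": "cowrie.login.failed", "src_ip": "203.0.113.7",
                     "username": "root", "password": f"guess{i}",
                     "timestamp": f"2025-01-10T08:00:{2 * i:02d}.000000Z"})
    for minute in (0, 5):
        rows.append({"eventid": "cowrie.login.failed", "src_ip": "198.51.100.20",
                     "username": "admin", "password": "x",
                     "timestamp": f"2025-01-10T08:{minute:02d}:30.000000Z"})
    return [json.dumps(r) for r in rows] + ["not json"]

if __name__ == "__main__":
    for ip, info in detect_bruteforce(sample_log()).items():
        print(ip, info)
```

The per-source peak rate and client banner are the observations a defender would weigh when choosing rate thresholds or content matches for an IDS rule.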
Copyright (c) 2025 Majidov Anvarxon Maxmudxon o‘g‘li

This work is licensed under a Creative Commons Attribution 4.0 International license.