Analysis of attacker patterns and tactics using a T-Pot honeypot
Abstract
This study analysed cyber-attack patterns and tactics in order to understand the strategies used by malicious actors and to strengthen defensive mechanisms. The approach centred on collecting, analysing and interpreting data generated by real attacks, using a modified version of the T-Pot honeypot, a platform made up of multiple honeypots deployed in Docker containers that emulated a range of vulnerable services. The methodology consisted of setting up a controlled environment to attract attackers, capturing their actions and applying data-analysis techniques to identify recurring malicious behaviour. Detailed records were collected on exploitation attempts, evasion methods and credential-use patterns, which made it possible to characterise the threats and to assess their frequency and complexity. The results revealed specific trends in attacker behaviour, which helped to refine cyber-defence strategies. Among the main findings, the study highlighted the effectiveness of honeypots for identifying attack vectors and anticipating incidents. The research concluded that deploying active monitoring environments contributed significantly to strengthening security in critical infrastructures by providing useful information for decision-making on information-security protection.
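As an added example (not code from the study), the kind of frequency analysis described above, run over constructed honeypot login events: the JSON field names timestamp, src_ip, username and password are an assumption about the export format, and the sample lines are made up. It flags credential pairs reused across distinct source addresses (a shared wordlist or coordinated campaign) and per-source bursts of attempts within a sliding window (a brute-force indicator).

```python
import json
from collections import defaultdict
from datetime import datetime, timedelta
# Constructed sample: honeypot login attempts exported as JSON lines.
# Field names (timestamp, src_ip, username, password) are an assumption.
SAMPLE_EVENTS = """\
{"timestamp": "2024-03-01T10:00:00Z", "src_ip": "198.51.100.7", "username": "root", "password": "123456"}
{"timestamp": "2024-03-01T10:00:02Z", "src_ip": "198.51.100.7", "username": "root", "password": "admin"}
{"timestamp": "2024-03-01T10:00:03Z", "src_ip": "198.51.100.7", "username": "admin", "password": "admin"}
{"timestamp": "2024-03-01T10:00:05Z", "src_ip": "198.51.100.7", "username": "root", "password": "password"}
{"timestamp": "2024-03-01T10:00:06Z", "src_ip": "198.51.100.7", "username": "root", "password": "123456"}
{"timestamp": "2024-03-01T11:30:00Z", "src_ip": "203.0.113.9", "username": "root", "password": "123456"}
{"timestamp": "2024-03-01T12:45:00Z", "src_ip": "192.0.2.33", "username": "root", "password": "123456"}
{"timestamp": "2024-03-01T12:45:01Z", "src_ip": "192.0.2.33", "username": "pi", "password": "raspberry"}
"""

def parse_events(jsonl):
    """Parse JSON lines, attaching a parsed UTC timestamp to each event."""
    events = [json.loads(l) for l in jsonl.splitlines() if l.strip()]
    for ev in events:
        ev["ts"] = datetime.fromisoformat(ev["timestamp"].replace("Z", "+00:00"))
    return events

def shared_credentials(events, min_sources=2):
    """(username, password) pairs tried from >= min_sources distinct IPs.
    Reuse across unrelated sources suggests a common wordlist or campaign."""
    sources = defaultdict(set)
    for e in events:
        sources[(e["username"], e["password"])].add(e["src_ip"])
    return {p: len(ips) for p, ips in sources.items() if len(ips) >= min_sources}

def brute_force_bursts(events, window=timedelta(seconds=60), threshold=5):
    """Per source IP, the largest number of attempts inside any sliding window,
    reported only when it reaches the threshold (brute-force indicator)."""
    by_src = defaultdict(list)
    for e in events:
        by_src[e["src_ip"]].append(e["ts"])
    bursts = {}
    for ip, times in by_src.items():
        times.sort()
        start = 0
        for end, t in enumerate(times):
            while t - times[start] > window:  # slide the window start forward
                start += 1
            if end - start + 1 >= threshold:
                bursts[ip] = max(bursts.get(ip, 0), end - start + 1)
    return bursts
if __name__ == "__main__":
    evs = parse_events(SAMPLE_EVENTS)
    print(shared_credentials(evs), brute_force_bursts(evs))
```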
Keywords
DOI: https://doi.org/10.23857/pc.v10i10.10543
Polo del Conocimiento
Revista Científico-Académica Multidisciplinaria
ISSN: 2550-682X
Casa Editora del Polo
Manta - Ecuador
Address: Ciudadela El Palmar, II Etapa, Manta - Manabí - Ecuador.
Postal code: 130801
Telephone: 056051775/0991871420
Email: polodelconocimientorevista@gmail.com / director@polodelconocimiento.com
URL: https://www.polodelconocimiento.com/