Password Attack Analysis Over Honeypot Using Machine Learning

Advances in information technology have led to the digitization of data in all areas of our lives. While this digitization brings entirely new conveniences, speed, efficiency, and effectiveness to daily life, it has also created a new environment, a new space, and ultimately a new risk area for attackers. This new space is called cyberspace. There is a constant struggle between security experts and attackers in cyberspace. However, as in any environment, the attacker is always in an advantageous position. In this fight, the newest approach for security experts to catch attackers is to use technologies based on prediction and detection, such as artificial intelligence, machine learning, and artificial neural networks. Only in this way will it be possible to fight the tens of thousands of threats that appear every second. This study focuses on detecting password attack types (brute force attack, dictionary attack, and social engineering) on real systems using the Cowrie honeypot. The logs obtained during these attacks were used as input to machine learning algorithms, and subsequent similar attacks were classified with the help of artificial intelligence. Several machine learning algorithms, namely Naive Bayes, Decision Tree, Random Forest, and Support Vector Machine (SVM), were used to classify the attacks. As a result of this research, the password attacks carried out by the attacker were identified, with high success rates, as phishing attacks, dictionary attacks, or brute force attacks. Determining the type of password attack will play a critical role in deciding which measures the target institution should take to close the vulnerabilities through which the attack can be carried out. The study is expected to make significant contributions to cybersecurity and to the analysis of password attacks.
