With the evolving complexity and interconnectivity of information systems, attackers and cyber criminals are continuously developing more sophisticated methods to exploit system vulnerabilities. This research proposes a hands-on approach to open-source security monitoring and analysis by simulating various compromise-based attack scenarios and summarizing the attacker’s behavior across different methods. Using open-source tools such as Cowrie, Snort, and a vulnerable web application, this proposal is based on the simulation of SSH brute-force attacks, web-based attacks such as Broken Access Control (BAC), and Denial of Service (DoS) attacks using hping. We log, correlate, and analyze the activity of malicious actors to construct behavioral and communication patterns post-compromise. The output includes a summary of details related to IPs and types of attacks and their patterns to assist in incident response and threat intelligence. This approach has the potential of open-source solutions in real-time intrusion detection and attacker profiling for small to medium-sized enterprises.

错误:搜索内容不能为空,请输入英文关键词
错误:关键词超出字数限制,请精简
高级检索

An Approach Towards Open-Source Security Solutions for Information Systems: Profiling Attacker’s Behavior and Communication Patterns Post-Compromise

  • Shashank Sharma,
  • Shaligram Prajapat,
  • Nitin Naik

摘要

With the evolving complexity and interconnectivity of information systems, attackers and cyber criminals are continuously developing more sophisticated methods to exploit system vulnerabilities. This research proposes a hands-on approach to open-source security monitoring and analysis by simulating various compromise-based attack scenarios and summarizing the attacker’s behavior across different methods. Using open-source tools such as Cowrie, Snort, and a vulnerable web application, this proposal is based on the simulation of SSH brute-force attacks, web-based attacks such as Broken Access Control (BAC), and Denial of Service (DoS) attacks using hping. We log, correlate, and analyze the activity of malicious actors to construct behavioral and communication patterns post-compromise. The output includes a summary of details related to IPs and types of attacks and their patterns to assist in incident response and threat intelligence. This approach has the potential of open-source solutions in real-time intrusion detection and attacker profiling for small to medium-sized enterprises.