JUCS - Journal of Universal Computer Science 25(11): 1417-1436, doi: 10.3217/jucs-025-11-1417
Analysis of the Infection and the Injection Phases of the Telnet Botnets
expand article infoTomáš Bajtoš, Pavol Sokol, Andrej Gajdoš, Katarína Lučivjanská, Terézia Mézešová
‡ Pavol Jozef Šafárik University, Košice, Slovakia
Open Access
With the number of Internet of Things devices increasing, also the number of vulnerable devices connected to the Internet increases. These devices can become part of botnets and cause damage to the Internet infrastructure. In this paper we study telnet botnets and their behaviour in the first two stages of its lifecycle - initial infection, and secondary infection. The main objective of this paper is to determine specific attributes of their behavior during these stages and design a model for profiling threat agents into telnet botnets groups. We implemented a telnet honeynet and analyzed collected data. Also, we applied clustering methods for security incident profiling. We consider K-modes and PAM clustering algorithms. We found out that a number of sessions and credential guessing are easily collected and United States of Americable attributes for threat agents profiling.
security, clustering, threat agent, telnet honeypot, profiling