Multi-Engine Framework for Vulnerability Detection in the Brazilian Internet

  • Lucas M. Ponce UFMG
  • Igor Cunha UFSJ
  • Isabelle Matos UFSJ
  • Ítalo Cunha UFMG
  • Elverton Fazzion UFSJ / UFMG
  • Cristine Hoepers CERT.br / NIC.br
  • Klaus Steding-Jessen CERT.br / NIC.br
  • Marcelo H. P. C. Chaves CERT.br / NIC.br
  • Dorgival Guedes UFMG
  • Wagner Meira Jr. UFMG

Abstract


Device search engines play an important role in vulnerability tracking, yet few studies analyze the capabilities of these systems. Our work compares two popular search engines, Censys and Shodan, in the context of Brazil. Because search engines generate a large volume of data, we implemented a unique data abstraction that simplifies complex queries and integrates them with external data. We propose a framework to evaluate both systems. Our results point to significant differences in how the two systems operate: Censys has the largest device coverage in Brazil, while Shodan detects a greater diversity of services and has higher update rates. Combining data from both engines increases the number of services detected and the scanning rate by up to 1.8 times, while also providing more details about the services evaluated.

Published
2024-05-20
PONCE, Lucas M. et al. Multi-Engine Framework for Vulnerability Detection in the Brazilian Internet. In: BRAZILIAN SYMPOSIUM ON COMPUTER NETWORKS AND DISTRIBUTED SYSTEMS (SBRC), 42., 2024, Niterói/RJ. Anais [...]. Porto Alegre: Sociedade Brasileira de Computação, 2024. p. 197-210. ISSN 2177-9384. DOI: https://doi.org/10.5753/sbrc.2024.1302.
