Identificação de Serviços e Dispositivos em Dados de Motores de Busca para o Enriquecimento de Análise de Vulnerabilidades
Resumo
A enumeração dos ativos conectados à rede é uma etapa importante na análise de vulnerabilidades. Nesse contexto, a utilização de motores de busca, como o Shodan, vem se tornando popular para a identificação de serviços e dispositivos acessíveis pela Internet. No entanto, as informações inferidas por esses motores nem sempre são completas e, muitas vezes, não acompanham a velocidade com que novos serviços surgem. O presente trabalho apresenta uma solução para a enumeração eficiente de serviços a partir de fingerprints. Para validar nossa solução, comparamos as informações obtidas pelo nosso arcabouço com as fornecidas pelo Shodan. Por exemplo, nossa solução permite o aumento da identificação de serviços, como o sistema operacional, em 1,6 vezes e informações sobre o hardware em até 14 vezes. Apresentamos também dois casos de uso que mostram como nosso arcabouço pode auxiliar na análise de vulnerabilidades fornecendo informações mais precisas.Referências
Al-Alami, H., Hadi, A., e Al-Bahadili, H. (2017). Vulnerability scanning of IoT devices in Jordan using Shodan. In 2017 2nd International Conference on the Applications of Information Technology in Developing Renewable Energy Processes & Systems (IT-DREPS), pages 1–6, Jordan. IEEE.
Albataineh, A. e Alsmadi, I. (2019). IoT and the Risk of Internet Exposure: Risk Assessment Using Shodan Queries. In 2019 IEEE 20th International Symposium on “A World of Wireless, Mobile and Multimedia Networks”, pages 1–5, EUA. IEEE.
Cheng, H. et al. (2021). Identify IoT Devices through Web Interface Characteristics. In 2021 IEEE 6th International Conference on Computer and Communication Systems (ICCCS), pages 405–410. IEEE.
Daskevics, A. e Nikiforova, A. (2021). ShoBeVODSDT: Shodan and Binary Edge based vulnerable open data sources detection tool or what Internet of Things Search Engines know about you. In 2021 Second International Conference on Intelligent Data Science Technologies and Applications (IDSTA), pages 38–45, Estonia. IEEE.
Durumeric, Z. et al. (2015). A Search Engine Backed by Internet-Wide Scanning. In Proceedings of the 22nd ACM SIGSAC Conference on Computer and Communications Security, CCS ’15, pages 542–553, EUA. ACM.
Gasser, O., Holz, R., e Carle, G. (2014). A deeper understanding of SSH: Results from Internet-wide scans. In 2014 IEEE Network Operations and Management Symposium, pages 1–9, Poland. IEEE.
Genge, B. e Enăchescu, C. (2016). ShoVAT: Shodan-based vulnerability assessment tool for Internet-facing services. Security and Communication Networks, 9(15):2696–2714.
Majumder, A., Rastogi, R., e Vanama, S. (2008). Scalable regular expression matching on data streams. In Proceedings of the 2008 ACM SIGMOD International Conference on Management of Data, SIGMOD ’08, pages 161–172, EUA. ACM.
Markowsky, L. e Markowsky, G. (2015). Scanning for vulnerable devices in the Internet of Things. In 2015 IEEE 8th International Conference on Intelligent Data Acquisition and Advanced Computing Systems: Technology and Applications (IDAACS), volume 1, pages 463–467. IEEE.
Microservice (2022). O que é análise de vulnerabilidade e qual sua importância? [link]. Acessado em 31/05/2024.
Moriot, C. et al. (2022). How to build socio-organizational information from remote ip addresses to enrich security analysis? In 2022 IEEE 47th Conference on Local Computer Networks (LCN), pages 287–290. IEEE.
Nogueira, M. et al. (2023). A Large Scale Characterization of Device Uptimes. IEEE Transactions on Emerging Topics in Computing, 11(3):553–565.
Novianto, B., Suryanto, Y., e Ramli, K. (2021). Vulnerability analysis of internet devices from indonesia based on exposure data in shodan. In IOP Conference Series: Materials Science and Engineering, volume 1115, page 012045. IOP Publishing.
O’Hare, J., Macfarlane, R., e Lo, O. (2019). Identifying vulnerabilities using internet-wide scanning data. In 2019 IEEE 12th International Conference on Global Security, Safety and Sustainability (ICGS3), pages 1–10.
Ponce, L. et al. (2023). Um Arcabouço para Processamento Escalável de Vulnerabilidades e Caracterização de Riscos à Conformidade da LGPD. In Anais do XXIII Simpósio Brasileiro em Segurança da Informação e de Sistemas Computacionais, pages 15–28, Porto Alegre, RS, Brasil. SBC.
Ponce, L. et al. (2024). Arcabouço Multi-motor para Detecção de Vulnerabilidades na Internet Brasileira. In Anais do XLII Simpósio Brasileiro de Redes de Computadores e Sistemas Distribuídos, pages 197–210, Porto Alegre, RS, Brasil. SBC.
Popescu, M. (2016). Internet Census, 2016. [link]. Acessado em 31/05/2024.
Project, H. (2024). Hyperscan - ultra-fast regular expression matching library. [link]. Acessado em 31/05/2024.
Raikar, M. e Maralappanavar, M. (2021). Vulnerability assessment of MQTT protocol in Internet of Things (IoT). In Int. Conf. Cyber Secur., pages 535–540, Índia. IEEE.
Samtani, S. et al. (2018). Identifying SCADA Systems and Their Vulnerabilities on the Internet of Things: A Text-Mining Approach. IEEE Intelligent Systems, 33(2):63–73.
Sarabi, A., Yin, T., e Liu, M. (2023). An LLM-based Framework for Fingerprinting Internet-connected Devices. In Proceedings of the 2023 ACM on Internet Measurement Conference, IMC ’23, pages 478–484, EUA. ACM.
Wang, R. et al. (2022). WYSIWYG: IoT Device Identification Based on WebUI Login Pages. Sensors, 22(13).
Wang, X. et al. (2009). Extraction of fingerprint from regular expression for efficient prefiltering. In 2009 IEEE International Conference on Communications Technology and Applications, pages 221–226, China. IEEE.
Albataineh, A. e Alsmadi, I. (2019). IoT and the Risk of Internet Exposure: Risk Assessment Using Shodan Queries. In 2019 IEEE 20th International Symposium on “A World of Wireless, Mobile and Multimedia Networks”, pages 1–5, EUA. IEEE.
Cheng, H. et al. (2021). Identify IoT Devices through Web Interface Characteristics. In 2021 IEEE 6th International Conference on Computer and Communication Systems (ICCCS), pages 405–410. IEEE.
Daskevics, A. e Nikiforova, A. (2021). ShoBeVODSDT: Shodan and Binary Edge based vulnerable open data sources detection tool or what Internet of Things Search Engines know about you. In 2021 Second International Conference on Intelligent Data Science Technologies and Applications (IDSTA), pages 38–45, Estonia. IEEE.
Durumeric, Z. et al. (2015). A Search Engine Backed by Internet-Wide Scanning. In Proceedings of the 22nd ACM SIGSAC Conference on Computer and Communications Security, CCS ’15, pages 542–553, EUA. ACM.
Gasser, O., Holz, R., e Carle, G. (2014). A deeper understanding of SSH: Results from Internet-wide scans. In 2014 IEEE Network Operations and Management Symposium, pages 1–9, Poland. IEEE.
Genge, B. e Enăchescu, C. (2016). ShoVAT: Shodan-based vulnerability assessment tool for Internet-facing services. Security and Communication Networks, 9(15):2696–2714.
Majumder, A., Rastogi, R., e Vanama, S. (2008). Scalable regular expression matching on data streams. In Proceedings of the 2008 ACM SIGMOD International Conference on Management of Data, SIGMOD ’08, pages 161–172, EUA. ACM.
Markowsky, L. e Markowsky, G. (2015). Scanning for vulnerable devices in the Internet of Things. In 2015 IEEE 8th International Conference on Intelligent Data Acquisition and Advanced Computing Systems: Technology and Applications (IDAACS), volume 1, pages 463–467. IEEE.
Microservice (2022). O que é análise de vulnerabilidade e qual sua importância? [link]. Acessado em 31/05/2024.
Moriot, C. et al. (2022). How to build socio-organizational information from remote ip addresses to enrich security analysis? In 2022 IEEE 47th Conference on Local Computer Networks (LCN), pages 287–290. IEEE.
Nogueira, M. et al. (2023). A Large Scale Characterization of Device Uptimes. IEEE Transactions on Emerging Topics in Computing, 11(3):553–565.
Novianto, B., Suryanto, Y., e Ramli, K. (2021). Vulnerability analysis of internet devices from indonesia based on exposure data in shodan. In IOP Conference Series: Materials Science and Engineering, volume 1115, page 012045. IOP Publishing.
O’Hare, J., Macfarlane, R., e Lo, O. (2019). Identifying vulnerabilities using internet-wide scanning data. In 2019 IEEE 12th International Conference on Global Security, Safety and Sustainability (ICGS3), pages 1–10.
Ponce, L. et al. (2023). Um Arcabouço para Processamento Escalável de Vulnerabilidades e Caracterização de Riscos à Conformidade da LGPD. In Anais do XXIII Simpósio Brasileiro em Segurança da Informação e de Sistemas Computacionais, pages 15–28, Porto Alegre, RS, Brasil. SBC.
Ponce, L. et al. (2024). Arcabouço Multi-motor para Detecção de Vulnerabilidades na Internet Brasileira. In Anais do XLII Simpósio Brasileiro de Redes de Computadores e Sistemas Distribuídos, pages 197–210, Porto Alegre, RS, Brasil. SBC.
Popescu, M. (2016). Internet Census, 2016. [link]. Acessado em 31/05/2024.
Project, H. (2024). Hyperscan - ultra-fast regular expression matching library. [link]. Acessado em 31/05/2024.
Raikar, M. e Maralappanavar, M. (2021). Vulnerability assessment of MQTT protocol in Internet of Things (IoT). In Int. Conf. Cyber Secur., pages 535–540, Índia. IEEE.
Samtani, S. et al. (2018). Identifying SCADA Systems and Their Vulnerabilities on the Internet of Things: A Text-Mining Approach. IEEE Intelligent Systems, 33(2):63–73.
Sarabi, A., Yin, T., e Liu, M. (2023). An LLM-based Framework for Fingerprinting Internet-connected Devices. In Proceedings of the 2023 ACM on Internet Measurement Conference, IMC ’23, pages 478–484, EUA. ACM.
Wang, R. et al. (2022). WYSIWYG: IoT Device Identification Based on WebUI Login Pages. Sensors, 22(13).
Wang, X. et al. (2009). Extraction of fingerprint from regular expression for efficient prefiltering. In 2009 IEEE International Conference on Communications Technology and Applications, pages 221–226, China. IEEE.
Publicado
16/09/2024
Como Citar
PONCE, Lucas M. et al.
Identificação de Serviços e Dispositivos em Dados de Motores de Busca para o Enriquecimento de Análise de Vulnerabilidades. In: SIMPÓSIO BRASILEIRO DE SEGURANÇA DA INFORMAÇÃO E DE SISTEMAS COMPUTACIONAIS (SBSEG), 24. , 2024, São José dos Campos/SP.
Anais [...].
Porto Alegre: Sociedade Brasileira de Computação,
2024
.
p. 367-382.
DOI: https://doi.org/10.5753/sbseg.2024.241721.
