Identification of Services and Devices in Search Engine Data for Enrichment of Vulnerability Analysis

  • Lucas M. Ponce UFMG
  • Indra Ribeiro UFMG
  • Etelvina Oliveira UFMG
  • Ítalo Cunha UFMG
  • Cristine Hoepers CERT.br-NIC.br
  • Klaus Steding-Jessen CERT.br-NIC.br
  • Marcelo H. P. C. Chaves CERT.br-NIC.br
  • Dorgival Guedes UFMG
  • Wagner Meira Jr. UFMG

Abstract


The enumeration of network-connected assets is an important step in vulnerability analysis. In this context, the use of search engines like Shodan has become popular for identifying services and devices accessible through the Internet. However, the information collected by these engines is incomplete and often does not keep pace with the speed at which new services emerge. This paper presents a solution for efficient service enumeration based on fingerprints. To validate our solution, we compared the information obtained by our framework with that provided by Shodan. For example, our solution increases the identification of services such as the operating system by 1.6 times and of hardware information by up to 14 times. We also present two use cases showing how our framework can assist in vulnerability analysis by providing more accurate information.

Published
2024-09-16
PONCE, Lucas M. et al. Identification of Services and Devices in Search Engine Data for Enrichment of Vulnerability Analysis. In: BRAZILIAN SYMPOSIUM ON CYBERSECURITY (SBSEG), 24., 2024, São José dos Campos/SP. Anais [...]. Porto Alegre: Sociedade Brasileira de Computação, 2024. p. 367-382. DOI: https://doi.org/10.5753/sbseg.2024.241721.
