MIS 510 CYBER ANALYTIC PROJECT
Aditya Agrawal, Hang Liu, Meiqi Yang, Yinchen Li
2.26.2014
Slides Overview
• Research Questions
• Our Research Design
– Sample code
– RAW Data screenshots
– Extra Tables / Figures
• Findings and Discussions
Research Questions
– RQ 1 MAC OS X System
– RQ 2 IoT Attack
– RQ 3 Fake Anti-virus
– RQ 4 Mobile Security
Our Research Design
Hacker Web/MYSQL

```sql
-- Pull every post in one Hacker Web forum table that mentions an IoT attack vector,
-- newest first. Single quotes replace the slide's mixed straight/curly double quotes,
-- which would not parse.
SELECT FlatContent, PostDate, PostRank
FROM cnhonkerarmyposts
WHERE FlatContent LIKE '%RFID%'
   OR FlatContent LIKE '%Sensor%'
   OR FlatContent LIKE '%Node%'
ORDER BY PostDate DESC;
```

This example MySQL query collects all Hacker Web discussion related to IoT attacks, keyed on the three major attack vectors: RFID, sensors, and nodes. Two caveats for anyone reusing it: LIKE is a plain substring match, and under MySQL's default case-insensitive collations '%Node%' also matches unrelated words such as "nodejs", so hits need a second, stricter pass before they are counted; and the query covers a single forum table (here cnhonkerarmyposts), so it has to be run once per forum before forums can be compared.
Shodan/Python

```python
import os
import shodan  # pip install shodan; the slide used the legacy `from shodan import WebAPI` class

# The slide hard-coded a live API key in the source. Read it from the environment instead,
# so the key never ends up in a repository or a published deck.
SHODAN_API_KEY = os.environ["SHODAN_API_KEY"]
api = shodan.Shodan(SHODAN_API_KEY)

try:
    # Full-text search over indexed banners; one call returns only the first page
    # (up to 100 matches), so larger result sets need the page= parameter.
    results = api.search('MAC OS X')
    print('Results found: %s' % results['total'])
    for result in results['matches']:
        print('IP: %s' % result['ip_str'])
        print('Country: %s' % result['location']['country_name'])
        print(result['data'])
except shodan.APIError as e:
    print('Error: %s' % e)
```

This example Python script queries the Shodan database for internet-exposed hosts whose indexed service banners contain "MAC OS X" and prints each host's IP address and country. Note that Shodan matches the string anywhere in the record rather than fingerprinting the operating system, so hits should be checked against the banner text, and that a single search() call returns only the first page of results (up to 100 matches).
RQ 1 MAC OS X

TOP 10 malicious programs for Mac OS X, H2 2012 (source: http://www.securelist.com/en/analysis/204792255/)

| Rank | Name | % of all attacks |
|---|---|---|
| 1 | Trojan.OSX.FakeCo.a | 52% |
| 2 | Trojan-Downloader.OSX.Jahlav.d | 8% |
| 3 | Trojan-Downloader.OSX.Flashfake.ai | 7% |
| 4 | Trojan-Downloader.OSX.FavDonw.c | 5% |
| 5 | Trojan-Downloader.OSX.FavDonw.a | 2% |
| 6 | Trojan-Downloader.OSX.Flashfake.ab | 2% |
| 7 | Trojan-FakeAV.OSX.Defma.gen | 2% |
| 8 | Trojan-FakeAV.OSX.Defma.f | 1% |
| 9 | Exploit.OSX.Smid.b | 1% |
| 10 | Trojan-Downloader.OSX.Flashfake.af | 1% |
RQ 1 MAC OS X
This is the Hacker Web search result showing the topics related to attacks on the Mac OS X system. We searched all four language forums because "OS X" is a general term that is used even on the Russian and Arabic forums.
We base the analysis on data from 2009 onward, because that is the year in which substantial discussion about the OS X system emerges.
RQ 1 MAC OS X
[Figure: Mac devices by region, percentage of hosts: North America 42.7%, Europe 32.8%, Asia 8.8%]
To the left is sample output of the Python search for internet-exposed OS X hosts. To the right is the regional breakdown of those hosts across the three major regions; the three regions shown account for 84.3% of the hosts, and the slide does not break down the remainder.
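As an added example, not code from the slides, the script below extends the Shodan step in the two ways a practitioner would need before trusting a regional chart like the one above: it pages through the full result set instead of the first 100 matches, and it builds the regional percentages from each host's country while keeping only hosts whose banner actually contains the search string. The region mapping, the FakeShodan stand-in, the sample banners and the IP addresses are constructed for the example; the real client is built by make_client() from an environment variable.

```python
import os
from collections import Counter

# Assumed region mapping for a handful of ISO country codes (the slides do not
# say which countries they grouped into each region).
REGION_OF = {
    "US": "North America", "CA": "North America", "MX": "North America",
    "DE": "Europe", "FR": "Europe", "GB": "Europe", "NL": "Europe", "RU": "Europe",
    "CN": "Asia", "JP": "Asia", "KR": "Asia", "IN": "Asia",
}


def make_client():
    """Real client; the key comes from the environment, never from source control."""
    import shodan  # pip install shodan
    return shodan.Shodan(os.environ["SHODAN_API_KEY"])


def fetch_all(api, query, max_pages=10):
    """Walk the paged results. Shodan returns at most 100 matches per search()
    call, so a single call sees only the first page."""
    matches = []
    for page in range(1, max_pages + 1):
        result = api.search(query, page=page)
        matches.extend(result["matches"])
        if not result["matches"] or len(matches) >= result["total"]:
            break
    return matches


def banner_mentions(match, needle="mac os x"):
    """Shodan's search is full-text over the whole record; require the string in
    the service banner itself before counting the host as an OS X machine."""
    return needle in (match.get("data") or "").lower()


def region_breakdown(matches, needle="mac os x"):
    """Percentage of banner-confirmed hosts per region, one decimal place;
    countries outside REGION_OF are counted as 'Other'."""
    counts = Counter()
    for m in matches:
        if not banner_mentions(m, needle):
            continue
        country = (m.get("location") or {}).get("country_code")
        counts[REGION_OF.get(country, "Other")] += 1
    total = sum(counts.values())
    return {region: round(100.0 * n / total, 1) for region, n in counts.items()} if total else {}


class FakeShodan:
    """Offline stand-in for shodan.Shodan with the same search(query, page=) shape."""

    def __init__(self, pages):
        self.pages = pages
        self.total = sum(len(p) for p in pages)

    def search(self, query, page=1, **kwargs):
        idx = page - 1
        return {"total": self.total,
                "matches": self.pages[idx] if idx < len(self.pages) else []}


def _match(ip, country_code, banner):
    # Only the fields this example reads, in the layout Shodan's API uses.
    return {"ip_str": ip, "location": {"country_code": country_code}, "data": banner}


# Constructed two-page result set (documentation-range IPs, invented banners).
SAMPLE_PAGES = [
    [_match("198.51.100.1", "US", "SSH-2.0-OpenSSH_6.2 Mac OS X 10.9"),
     _match("198.51.100.2", "CA", "HTTP/1.1 200 OK\r\nServer: Apache (Mac OS X)"),
     _match("203.0.113.5", "DE", "AFP 3.3 Mac OS X Server")],
    [_match("203.0.113.9", "CN", "SSH-2.0-OpenSSH_5.9 Mac OS X"),
     _match("192.0.2.7", "JP", "Server: nginx"),             # indexed hit, banner lacks OS X
     _match("192.0.2.8", "BR", "Apache/2.2.22 (Mac OS X)")],  # BR not in REGION_OF -> Other
]


if __name__ == "__main__":
    hosts = fetch_all(FakeShodan(SAMPLE_PAGES), "MAC OS X")
    print("hosts collected:", len(hosts))
    print(region_breakdown(hosts))
```

Against the constructed pages, the second page is only reached because fetch_all compares the running count with the reported total; the nginx host is dropped by the banner check even though Shodan's full-text index returned it.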
RQ 2 IoT

Shodan results by category: hosts found, and share of hosts by country

| Category | Hosts | United States | China | Russia |
|---|---|---|---|---|
| Medical | 2,257 | 63.0% | 1.0% | 0.0% |
| Building | 1,948 | 47.8% | 23.3% | 2.2% |
| Government | 15,214 | 64.3% | 2.9% | 1.4% |

[Figure: Percentage of IoT hosts by country, all three categories aggregated: United States 41.9%, China 6.1%, Russia 0.6%]

To the left are the Shodan results for IoT hosts broken down by category; to the right is the aggregated distribution across all three categories. Note that the aggregate figures are not the host-weighted mean of the three category rows (that would put the United States at roughly 62%), so the aggregation method should be confirmed before the numbers are reused.
RQ 2 IoT
This is the Shodan search result showing the distribution of IoT hosts in three major categories: medical devices, buildings, and government-related hosts.
The results show each host's IP address and host country.
RQ 3 Fake Anti-virus -- UI
The screenshot shows the main screen of W32/FakeAV.KL!tr, a professional-looking antivirus program complete with a menu and a scanning window. On a normal, clean computer it reports that the machine is infected with at least 14 threats.
https://blog.fortinet.com/how-to-spot-fake-antivirus-software/
RQ 4 Mobile Security
http://mediaserver.dwpub.com/press-release/22575/malware_goes_mobile.jpg
RQ 4 Mobile Security
https://www.iscanonline.com/assets/iScan%20Mobile%20Security%20Analysis%202013.pdf
Findings and Discussions
RQ 1 MAC OS X
[Figure: number of malware programs targeting the OS X system, from the Securelist report "IT Threat Evolution Q1 2012"]
https://www.securelist.com/en/analysis/204792231/IT_Threat_Evolution_Q1_2012
RQ 2 IoT

[Figure: pie chart, distribution of IoT attack discussion in Hacker Web: United States 57.8%, China 7.9%, Russia 34.3%]

| Country (forum) | IoT attack posts | All posts in forum | IoT share of forum ("True %") | Normalised share |
|---|---|---|---|---|
| United States | 194 | 185,237 | 0.00105 | 57.8% |
| China | 381 | 2,648,393 | 0.00014 | 7.9% |
| Russia | 264 | 424,721 | 0.00062 | 34.3% |
| Total | 839 | 3,258,351 | 0.00181 | 100% |

The pie-chart percentages are not the raw post counts (on raw counts China would lead, with 381 of the 839 posts). Each forum's IoT post count is first divided by that forum's total volume, giving the "True %" column (194 / 185,237 = 0.00105, and so on), and the three shares are then normalised to sum to 100% (0.00105 / 0.00181 = 57.8%). This corrects for the Chinese forum being more than ten times the size of the US one.
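As an added, runnable illustration of the two steps behind this chart (the keyword query from the research-design slide and the per-forum normalisation above), the following Python script is not from the slides: it loads a few constructed posts into an in-memory SQLite database, runs the slide's LIKE query per forum table, contrasts it with a whole-word match that drops substring false positives such as "nodejs", and computes each forum's IoT share and its normalised percentage exactly as the table does. Only cnhonkerarmyposts is a real table name from the slides; the other two table names, all post texts and all dates are constructed.

```python
import re
import sqlite3

# Constructed sample posts (not Hacker Web data). One table per forum, mirroring
# the per-forum tables the slides query. Only cnhonkerarmyposts is a real name;
# the other two table names are made up for the example.
SAMPLE_POSTS = {
    "cnhonkerarmyposts": [
        ("RFID card cloning with a Proxmark, step by step", "2013-05-02"),
        ("Sensor network sniffing: ZigBee coordinator spoofing", "2013-06-11"),
        ("nodejs express middleware question", "2013-07-01"),  # substring hit for %Node%, not IoT
        ("How to set up a VPN on a home router", "2013-07-09"),
    ],
    "exampleforum2posts": [
        ("Rogue node injection into a mesh sensor network", "2012-11-20"),
        ("Best keylogger for Windows 7?", "2012-12-02"),
    ],
    "exampleforum3posts": [
        ("RFID reader replay attack on building access", "2013-01-15"),
        ("SQL injection on forum software", "2013-02-03"),
        ("Selling dumps, PM me", "2013-02-04"),
    ],
}

KEYWORDS = ("RFID", "Sensor", "Node")
# Whole word, optionally plural, case-insensitive: "node", "Nodes", but not "nodejs".
WORD_RE = re.compile(r"\b(?:" + "|".join(KEYWORDS) + r")s?\b", re.IGNORECASE)


def build_db():
    """Load the constructed posts into an in-memory SQLite database."""
    con = sqlite3.connect(":memory:")
    for table, rows in SAMPLE_POSTS.items():
        con.execute(f"CREATE TABLE {table} (FlatContent TEXT, PostDate TEXT, PostRank INTEGER)")
        con.executemany(f"INSERT INTO {table} VALUES (?, ?, 0)", rows)
    return con


def like_matches(con, table):
    """The slide's query: substring LIKE per keyword, newest first.
    LIKE is case-insensitive here, as under MySQL's default collations."""
    where = " OR ".join("FlatContent LIKE ?" for _ in KEYWORDS)
    sql = f"SELECT FlatContent FROM {table} WHERE {where} ORDER BY PostDate DESC"
    return [row[0] for row in con.execute(sql, [f"%{k}%" for k in KEYWORDS])]


def word_matches(con, table):
    """Stricter second pass: keep a LIKE hit only if a keyword occurs as a whole
    word, which drops false positives such as 'nodejs'."""
    return [text for text in like_matches(con, table) if WORD_RE.search(text)]


def iot_share(con, matcher):
    """Per forum: IoT hits, total posts, hits/total (the 'True %' column), and
    that share normalised so the forums sum to 100% (the pie-chart percentages)."""
    rows = {}
    for table in SAMPLE_POSTS:
        total = con.execute(f"SELECT COUNT(*) FROM {table}").fetchone()[0]
        hits = len(matcher(con, table))
        rows[table] = {"hits": hits, "total": total, "share": hits / total}
    denom = sum(r["share"] for r in rows.values())
    for r in rows.values():
        r["normalised"] = r["share"] / denom if denom else 0.0
    return rows


if __name__ == "__main__":
    db = build_db()
    for name, fn in (("LIKE only", like_matches), ("whole word", word_matches)):
        print(name)
        for table, r in iot_share(db, fn).items():
            print(f"  {table}: {r['hits']}/{r['total']} = {r['share']:.3f} -> {r['normalised']:.1%}")
```

Running both matchers side by side shows why the second pass matters: with LIKE alone the "nodejs" post inflates the first forum's share from 0.50 to 0.75, and because the shares are normalised across forums, one false positive in one forum shifts every forum's percentage.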
RQ 3 Fake Anti-virus

Hacker Web discussion about fake anti-virus software: number of posts per year, aggregated over all forums, 2006 to 2013

| Year | Posts |
|---|---|
| 2006 | 22 |
| 2007 | 26 |
| 2008 | 32 |
| 2009 | 52 |
| 2010 | 99 |
| 2011 | 104 |
| 2012 | 95 |
| 2013 | 114 |
RQ 4 Mobile Security
[Figure: number of Hacker Web discussions about mobile security issues per year, 2009 to 2013; y axis is the number of discussions, 0 to 300. The per-year values are not recoverable from the extracted text.]
RQ 4 Mobile Security -- Mobile Malware
[Figure: mobile malware timeline; the only entry recoverable from the extracted text is the 2008 marker, Infojack, Feb. 2008]
http://mediaserver.dwpub.com/press-release/22575/malware_goes_mobile.jpg