Dashboard overview
The Shadowserver Dashboard presents high-level statistics that reflect the main datasets that Shadowserver collects and shares through its daily activities in over 100 daily reports. The datasets allow for the identification of exposed attack surface, vulnerabilities, misconfigurations and compromises of networks, as well as observations of attacks. The data, shared in the form of reports, contains detailed IP-level information concerning a particular network or constituency. The Shadowserver Dashboard does not allow for this level of granularity. Instead it presents high-level statistics that reflect these activities. This allows for insights into the latest emerging threats, vulnerabilities and incidents, providing situational awareness to the wider community while preserving the anonymity of any involved parties.
Sources and tags
Data presentation is organized around sources and tags. A source is essentially a data grouping of some form. The basic sources are honeypot, population, scan and sinkhole. Both population and scan are scan-based datasets, with population being an exposed endpoint count without a vulnerability/security assessment. A 6 suffix represents IPv6 data (all entries without the suffix refer to IPv4 data).
Sources may have tags associated with them that provide additional context for the data being presented. For example, tags for scan will include the actual different scan types (i.e. services/protocols being scanned, like telnet, ftp and rdp). Tags for sinkhole would reflect the actual malware families connecting to a sinkhole (i.e. hosts infected by a malware family type like adload, andromeda and necurs).
Tags provide additional insights on the data presented.
Additionally, we also introduce additional groupings to better reflect observations on vulnerable or compromised hosts - for example, http_vulnerable or compromised_website. These will typically contain tags that reflect specific CVE vulnerabilities, vendors or products affected, or information about backdoors, webshells or implants seen. An example for http_vulnerable would be citrix or cve-2023-3519.
Finally, as we add more detections to our datasets, we end up with more tags. This means that new source categories may appear to choose from. For example, even though snmp is a tag present on source scan, it is also featured as a source. This allows us to present more granular snmp scan results that allow for viewing of specific snmp scan results associated with a vulnerability like cve-2017-6736.
Quick links to data categories: Left navigation bar
The datasets presented are collected through various large-scale collection methods, including sinkholing, scanning and honeypots. These main categories of the datasets are shared on the left navigation bar, with each type of category symbolized by a different icon.
The goal is to enable quicker dives into particular source categories. For example:
- Sinkholes - provides an overview of datasets grouped by source sinkhole. You can then view a particular sinkhole result by selecting a tag or group of tags.
- Scans - provides an overview of datasets grouped by source scan (this category contains scan results for services that have some kind of security issue associated with them; you can also view population scan results by selecting source population instead). You can then view a particular scan result by selecting a tag or group of tags.
- Honeypots - provides an overview of datasets grouped by source honeypot. You can then view a particular honeypot result by selecting a tag or group of tags.
- DDoS - provides an overview of datasets grouped by source honeypot_ddos_amp. These are amplification DDoS attacks seen by unique targets in a particular country/region. You can then view a particular amplification method used by selecting a tag or group of tags.
- ICS - provides an overview of datasets grouped by source ics (which are scan results of native Industrial Control Systems protocols). You can then view the native protocols used by selecting a tag or group of tags.
- Web CVEs - provides an overview of datasets grouped by http_vulnerable and exchange. These are vulnerable web applications identified in our scans, typically by CVE. You can view the CVEs or affected products by selecting a tag or group of tags.
The datasets can be broken down by country or country groupings, regions and continents.
Each dataset is also described in “About this data”.
Please note that there are more datasets available other than the ones highlighted. For example, source beacon will allow you to explore post-exploitation framework C2s we see in our scans, and source compromised_website will allow you to explore compromised web endpoints seen in our scans.
Top navigation bar
The top navigation bar allows for various visualization options for data presentation, as well as for visualization of device identification and attack observation datasets.
General statistics
General statistics include the ability to visualize any source and tag by selecting:
- World map - a world map display showing selected sources and tags. Extra features include: the ability to switch the display to show the most common tag per country per source, normalization by population, GDP, connected users etc. You can also select markers on the map to display values per country.
- Region map - a country-level map display with countries split into regions and provinces.
- Comparison map - a comparison map of two countries.
- Time series - a chart showing combinations of sources and tags over time. Note that it allows for different forms of data groupings (not just by country).
- Visualization - offers various options for drilling down into the datasets, including averages of values over time. Allows for displaying data in the form of tables, bar charts, bubble diagrams and more.
IoT device statistics (device identification statistics)
This dataset and associated visualizations provide a daily snapshot of exposed endpoints grouped by exposed vendors and their products identified through our scans. Data is categorized by vendor, model and device type. These are identified through various means, including web page content, SSL/TLS certificates, banners displayed etc. The datasets contain population data only, i.e. no assessment is made of any vulnerabilities associated with the exposed endpoints (to find those, select sources such as, for example, http_vulnerable under “General statistics” instead).
Similar visualization charts as in “General statistics” exist, with the difference being that instead of using sources and tags you can view (and group by) vendors, models and device types instead.
Attack statistics: Vulnerabilities
This dataset and associated visualizations provide a daily snapshot of attacks seen by our honeypot sensor network, with a focus on vulnerabilities used for exploitation. These include the ability to view products that are most frequently attacked and to explore how they are attacked (i.e. by which exploited vulnerability, which may include the particular CVE being exploited). You can also view charts by source of attacks and destinations.
Similar visualization charts as in “General statistics” exist, with the difference being that instead of using sources and tags you can view (and group by) vendor, vulnerability, as well as source and destination of the attacks.
An additional visualization category - Monitoring, has also been added:
This is a daily updated table of the most common exploited vulnerabilities grouped by unique source IPs observed attacking (or attack attempts seen, if you select the connection attempts statistic option). Data is sourced from our honeypot sensor network. Data is grouped by exploited vulnerabilities. It also includes CISA Known Exploited Vulnerability mappings (including whether it is known to be exploited by a ransomware group) as well as whether the attack is against an IoT device rather than a server application.
By default the display shows the most common vulnerabilities exploited for the entire world, but you can also filter by a particular country or grouping, or display an anomaly table instead.
Attack statistics: Devices
This dataset and associated visualizations provide a daily snapshot of the types of attacking devices seen by our honeypot sensor network. Fingerprinting of these devices is done through our daily scans. The datasets allow for tracking of particular attack types, device vendors or models, and can be filtered by country.
Similar charts as in “General statistics” exist, with the difference being that instead of using sources and tags you can view (and group by) attack type, device vendor or model instead.
An additional visualization category - Monitoring, has also been added:
This is a daily updated table of the most common attacking devices seen, by unique source IPs observed attacking (or attack attempts seen, if you select the connection attempts statistic option). As with all the datasets displayed in this category, it is sourced from our honeypot sensor network. It is grouped by attack type seen, vendor and model (if available). We determine the attacking device by correlating IPs seen with the results of our daily device scan fingerprinting (see the “IoT device statistics” section).
By default the display shows the most common attacking devices (by source) seen attacking (this includes cases where we cannot identify a device or, for example, only identify a vendor). You can choose to filter by a particular country or grouping, or display an anomaly table instead.
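The grouping behind the two Monitoring tables described above (vulnerabilities and devices), as an added example that is not Shadowserver's code: it shows how ranking by unique source IPs differs from ranking by connection attempts, and how unidentified devices stay in the table. The events, field names, KEV stand-in, fingerprint table and the CVE-EXAMPLE-* placeholders are all constructed assumptions.

```python
from collections import defaultdict

# Constructed honeypot events (not Shadowserver data). Field names and the
# CVE-EXAMPLE-* identifiers are placeholders assumed for this example.
EVENTS = (
    [{"src_ip": "192.0.2.10", "vulnerability": "CVE-EXAMPLE-A", "attack": "http"}] * 3
    + [{"src_ip": "192.0.2.11", "vulnerability": "CVE-EXAMPLE-B", "attack": "snmp"},
       {"src_ip": "192.0.2.12", "vulnerability": "CVE-EXAMPLE-B", "attack": "snmp"}]
)
# Constructed stand-in for a KEV mapping: vulnerability -> known ransomware use.
KEV = {"CVE-EXAMPLE-A": True}
# Constructed stand-in for daily device scan fingerprints: IP -> (vendor, model).
FINGERPRINTS = {"192.0.2.10": ("vendor-a", "model-x"), "192.0.2.11": ("vendor-b", None)}


def monitoring_table(events, key_fn, statistic="unique_ips"):
    """Rank groups by unique source IPs, or by connection attempts."""
    ips, attempts = defaultdict(set), defaultdict(int)
    for ev in events:
        key = key_fn(ev)
        ips[key].add(ev["src_ip"])
        attempts[key] += 1
    counts = {k: len(v) for k, v in ips.items()} if statistic == "unique_ips" else dict(attempts)
    return sorted(counts.items(), key=lambda row: (-row[1], str(row[0])))


def by_vulnerability(ev):
    return ev["vulnerability"]


def by_device(ev):
    """Correlate the source IP with the fingerprint scan; gaps stay 'unknown'."""
    vendor, model = FINGERPRINTS.get(ev["src_ip"], (None, None))
    return (ev["attack"], vendor or "unknown", model or "unknown")


def vulnerability_rows(events, statistic="unique_ips"):
    """Vulnerability table with the KEV and ransomware columns attached."""
    return [
        {"vulnerability": v, "count": n, "in_kev": v in KEV, "kev_ransomware": KEV.get(v, False)}
        for v, n in monitoring_table(events, by_vulnerability, statistic)
    ]


if __name__ == "__main__":
    for stat in ("unique_ips", "attempts"):
        print(stat, vulnerability_rows(EVENTS, stat))
    print(monitoring_table(EVENTS, by_device))
```

One noisy source IP tops the table under the connection attempts statistic but drops below a vulnerability hit by two distinct IPs under the unique IP statistic, which is why the choice of statistic matters when reading the table.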