INTEGRATED APPROACH TO DETECTING BLUETOOTH THREATS USING WIRESHARK AND SPLUNK SIEM
DOI: https://doi.org/10.28925/2663-4023.2024.26.684

Keywords: Bluetooth; DoS attack; spoofing; malicious files; Wireshark; Splunk SIEM; threat detection.

Abstract
In the modern world, the Bluetooth protocol is one of the most widespread wireless communication technologies used to transfer data between devices, providing them with mobility and functionality. Despite its numerous advantages, Bluetooth remains vulnerable to cyber threats such as DoS attacks, spoofing, and malicious file transfer. These threats endanger data confidentiality, integrity, and availability, and can also cause device failures and hazards in critical systems such as medical equipment or IoT infrastructure. This article presents an integrated approach to Bluetooth security monitoring that combines the capabilities of Wireshark and Splunk SIEM. The attacker's platform was based on the Kali Linux operating system, known for its comprehensive tooling for penetration tests and attack simulations, while the victim's platform ran Windows 11, a modern operating system widely used in various environments. The main types of attacks analyzed are DoS attacks, which cause denial of service through system overload; spoofing attacks, which allow attackers to disguise their devices as legitimate ones; and transfer of malicious files, which can lead to execution of malicious code. For each type of attack, corresponding Splunk SIEM correlation rules were developed and configured, automating the identification of suspicious activity. Wireshark was used for deep analysis of Bluetooth traffic, and Splunk provided prompt notification of anomalies, allowing a quick response to potential threats. The results of the experiment confirm the effectiveness of the proposed approach. For example, in the case of DoS attacks, a significant excess of L2CAP protocol packets was detected, making it possible to identify the source of the threat promptly. For spoofing attacks, rules identifying unusual MAC addresses were used, and for the transfer of malicious files, data was filtered by specific criteria, such as file type or sender.
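The three detection rules the abstract describes (an excess of L2CAP packets from one source, MAC addresses outside the expected set, and file transfers filtered by file type or sender) can be expressed as plain detection logic over exported capture records. The following is an added example written for this page; it is not code from the article or its authors and does not reproduce their Splunk correlation rules. It assumes records in the shape of a Wireshark/tshark export (timestamp, source BD_ADDR, protocol column, and the file name from an OBEX PUT), an assumed device allowlist, an assumed threshold of 50 L2CAP frames per second, and a constructed sample dataset.

```python
"""Added example (not the article's code): the abstract's three Bluetooth
detection rules applied to constructed records resembling a tshark export.
Field names, the allowlist, thresholds and the sample data are assumptions."""
from __future__ import annotations

from collections import Counter
from dataclasses import dataclass
from pathlib import PurePosixPath


@dataclass(frozen=True)
class BtRecord:
    ts: float       # capture time in seconds (tshark frame.time_relative)
    src: str        # source BD_ADDR, i.e. the Bluetooth MAC address
    proto: str      # protocol column as Wireshark labels it: "L2CAP", "OBEX", ...
    info: str = ""  # for OBEX PUT frames, the transferred file name


# Assumed inventory of devices that are expected to talk to the victim host.
KNOWN_DEVICES = {"10:AA:BB:CC:DD:01", "10:AA:BB:CC:DD:02"}
# Assumed policy: file types that must never arrive over Bluetooth OBEX.
BLOCKED_EXTENSIONS = {".exe", ".scr", ".bat", ".vbs", ".js"}


def build_sample() -> list[BtRecord]:
    """Constructed capture: normal traffic, one benign OBEX push, then an
    unknown device flooding L2CAP and pushing an executable."""
    recs: list[BtRecord] = []
    for i in range(10):  # known headset: a few L2CAP frames per second
        recs.append(BtRecord(0.3 * i, "10:AA:BB:CC:DD:01", "L2CAP"))
    recs.append(BtRecord(1.5, "10:AA:BB:CC:DD:02", "OBEX", "holiday.jpg"))
    for i in range(80):  # unknown device: 80 L2CAP frames inside second 2
        recs.append(BtRecord(2.0 + i / 100, "DE:AD:BE:EF:00:01", "L2CAP"))
    recs.append(BtRecord(3.1, "DE:AD:BE:EF:00:01", "OBEX", "invoice.exe"))
    return recs


def detect_l2cap_flood(records: list[BtRecord], threshold: int = 50) -> dict[str, int]:
    """DoS rule: count L2CAP frames per source in fixed one-second buckets and
    return {source: peak_count} for every source whose peak exceeds threshold."""
    buckets = Counter((r.src, int(r.ts)) for r in records if r.proto == "L2CAP")
    peaks: dict[str, int] = {}
    for (src, _second), count in buckets.items():
        if count > threshold and count > peaks.get(src, 0):
            peaks[src] = count
    return peaks


def detect_unknown_mac(records: list[BtRecord], known=KNOWN_DEVICES) -> list[str]:
    """Spoofing rule: every source address that is not in the allowlist."""
    return sorted({r.src for r in records} - set(known))


def detect_suspicious_transfers(records: list[BtRecord], known=KNOWN_DEVICES,
                                blocked=BLOCKED_EXTENSIONS) -> list[tuple[str, str, tuple[str, ...]]]:
    """File-transfer rule: flag OBEX transfers by file type or by sender."""
    alerts = []
    for r in records:
        if r.proto != "OBEX" or not r.info:
            continue
        reasons = []
        if PurePosixPath(r.info).suffix.lower() in blocked:
            reasons.append("blocked file type")
        if r.src not in known:
            reasons.append("unknown sender")
        if reasons:
            alerts.append((r.src, r.info, tuple(reasons)))
    return alerts


def run_all(records: list[BtRecord]) -> dict[str, object]:
    """Run the three rules and return their findings keyed by rule name."""
    return {
        "l2cap_flood": detect_l2cap_flood(records),
        "unknown_mac": detect_unknown_mac(records),
        "file_transfer": detect_suspicious_transfers(records),
    }


if __name__ == "__main__":
    for rule, hits in run_all(build_sample()).items():
        print(f"{rule}: {hits}")
```

On the constructed sample the flood rule reports the unknown device with a peak of 80 frames in one second, the MAC rule lists the same address as outside the allowlist, and the transfer rule flags only `invoice.exe` (both for its extension and its sender) while the photo from a known phone passes. In practice the same logic is what a SIEM correlation search would compute over ingested capture records; the fixed one-second buckets are a simplification of a sliding window.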
Copyright (c) 2024 Ольга Партика, Богдан Фіголь, Тарас Наконечний
This work is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License.