More Web Proxy on the site http://driver.im/

poster

A Multi-phased Multi-faceted IoT Honeypot Ecosystem

Authors:

Armin Ziaie Tabari,

Xinming OuAuthors Info & Claims

CCS '20: Proceedings of the 2020 ACM SIGSAC Conference on Computer and Communications Security

Pages 2121 - 2123

https://doi.org/10.1145/3372297.3420023

Published: 02 November 2020 Publication History

Abstract

The rapid growth of Internet of Things (IoT) devices makes it vitally important to understand real-world cybersecurity threats to them. Traditionally, honeypots have been used as decoys to mimic real devices on a network and help researchers/organizations understand the dynamic of threats. A crucial condition for a honeypot to yield useful insights is to let attackers believe they are real systems used by humans and organizations. However, IoT devices pose unique challenges in this respect, due to the large variety of device types and the physical-connectedness nature. In this work, we (1) presented an approach to create a multi-phased multi-faceted honeypot ecosystem, where researchers gradually increase the sophistication of a low-interaction IoT honeypot by observing real-world attackers' behaviors, (2) built a low-interaction honeypot for IoT cameras that allowed researchers to gain a concrete understanding of what attackers were going after on IoT camera devices, and (3) designed a proxy instance, called ProxyPot, that sits between IoT devices and the external network and helps researchers study the IoT devices' inbound/outbound communication. We used PorxyPot as a means to understanding attacks against IoT cameras and increasing the honeypot's sophistication. We deployed honeypots for more than two years. Our preliminary results showed that we were able to attract increasingly sophisticated attack data in each new phase. Moreover, we captured activities that appeared to involve direct human interactions rather than purely automated scripts.

References

[1]

"The growth in connected IoT devices is expected to generate 79.4ZB of data in 2025, according to a new IDC forecast," Jun 2019.

[2]

P. Newman, "The Internet of Things 2020: Here's what over 400 IoT decision-makers say about the future of enterprise connectivity and how IoT companies can use it to grow revenue," Mar 2020.

[3]

"Cisco visual networking index: Forecast and trends, 2017--2022 white paper," Feb 2019.

[4]

"IoT heading for mass adoption by 2019," Feb 2017.

[5]

"The search engine for the internet of things," https://www.shodan.io/.

[6]

Z. Durumeric, D. Adrian, A. Mirian, M. Bailey, and J. A. Halderman, "A search engine backed by Internet-wide scanning," in the 22nd ACM Conference on Computer and Communications Security, Oct. 2015.

[7]

"SIEM, AIOps, application management, log management, machine learning, and compliance," https://www.splunk.com/.

[8]

A. Ziaie Tabari and X. Ou, "A first step towards understanding real-world attacks on IoT devices," arXiv e-prints, Mar. 2020, https://arxiv.org/abs/2003.01218.

[9]

T. Luo, Z. Xu, X. Jin, Y. Jia, and X. Ouyang, "IoTCandyJar: Towards an intelligent-interaction honeypot for IoT devices," in Black Hat USA, 2017.

[10]

B. Wang, Y. Dou, Y. Sang, Y. Zhang, and J. Huang, "IoTCMal: Towards a hybrid IoT honeypot for capturing and analyzing malware," in the IEEE International Conference on Communications (ICC), 2020.

[11]

X. Feng, X. Liao, X. Wang, H. Wang, Q. Li, K. Yang, H. Zhu, and L. Sun, "Understanding and securing device vulnerabilities through automated bug report analysis," in the 28th USENIX Conference on Security Symposium, 2019.

[12]

A. Vetterl and R. Clayton, "Honware: A virtual honeypot framework for capturing CPE and IoT zero days," in the APWG Symposium on Electronic Crime Research (eCrime), 2019.

[13]

Y. P. Minn, S. Suzuki, K. Yoshioka, T. Matsumoto, and C. Rossow, "IoTPOT: Analysing the rise of IoT compromises," in the 9th USENIX Workshop on Offensive Technologies (WOOT), 2015.

[14]

J. D. Guarnizo, A. Tambe, S. S. Bhunia, M. Ochoa, N. O. Tippenhauer, A. Shabtai, and Y. Elovici, "Siphon: Towards scalable high-interaction physical honeypots," in the 3rd ACM Workshop on Cyber-Physical System Security, 2017.

Digital Library

[15]

S. Dowling, M. Schukat, and H. Melvin, "A zigbee honeypot to assess IoT cyberattack behaviour," in the 28th Irish Signals and Systems Conference (ISSC), 2017.

[16]

S. Chamotra, R. K. Sehgal, S. Ror et al., "Honeypot deployment in broadband networks," in the International Conference on Information Systems Security, 2016.

[17]

M. Wang, J. Santillan, and F. Kuipers, "Thingpot: An interactive Internet-of-Things honeypot," arXiv preprint arXiv:1807.04114, 2018.

[18]

M. A. Hakim, H. Aksu, A. S. Uluagac, and K. Akkaya, "U-pot: A honeypot framework for UPnP-based IoT devices," in the IEEE 37th International Performance Computing and Communications Conference (IPCCC), 2018.

Cited By

Lu JLi WSun JXiao RLiao B(2024)Secure and Real-Time Traceable Data Sharing in Cloud-Assisted IoTIEEE Internet of Things Journal10.1109/JIOT.2023.331476411:4(6521-6536)Online publication date: 15-Feb-2024
https://doi.org/10.1109/JIOT.2023.3314764
Tian L(2024)Next career recommendation in Mississippi with artificial intelligenceJournal of Computational and Applied Mathematics10.1016/j.cam.2023.115458437(115458)Online publication date: Feb-2024
https://doi.org/10.1016/j.cam.2023.115458
Zhao ZSrinivasa SVasilomanolakis EAlmgren MFernandes E(2023)SweetCam: an IP Camera HoneypotProceedings of the 5th Workshop on CPS&IoT Security and Privacy10.1145/3605758.3623495(75-81)Online publication date: 26-Nov-2023
https://dl.acm.org/doi/10.1145/3605758.3623495
Show More Cited By

Index Terms

A Multi-phased Multi-faceted IoT Honeypot Ecosystem
1. Security and privacy

Recommendations

HoneyIoT: Adaptive High-Interaction Honeypot for IoT Devices Through Reinforcement Learning
WiSec '23: Proceedings of the 16th ACM Conference on Security and Privacy in Wireless and Mobile Networks

As IoT devices are becoming widely deployed, there exist many threats to IoT-based systems due to their inherent vulnerabilities. One effective approach to improving IoT security is to deploy IoT honeypot systems, which can collect attack information ...
Intelligent IDS: Venus Fly-Trap Optimization with Honeypot Approach for Intrusion Detection and Prevention
Abstract
Intrusion Detection Systems and Intrusion Prevention Systems are used to detect and prevent attacks/malware from entering the network/system. Honeypot is a type of Intrusion Detection System which is used to find the intruder, study the intruder ...
Probing Firewalls of Malware-Infected Networks with Honeypot
CFI'19: Proceedings of the 14th International Conference on Future Internet Technologies

Today, regardless of firewalls deployed at the gateway of the local area networks (LAN), the hosts inside the LAN are frequently got infected by malware. Firewall should be the basic protection scheme, but the effectiveness of firewalls has been ...

Comments

Please enable JavaScript to view thecomments powered by Disqus.

Information & Contributors

Information

Published In

cover image ACM Conferences

CCS '20: Proceedings of the 2020 ACM SIGSAC Conference on Computer and Communications Security

October 2020

2180 pages

ISBN:9781450370899

DOI:10.1145/3372297

General Chairs:
Jay Ligatti
University of South Florida, USA
,
Xinming Ou
University of South Florida, USA
,
Program Chairs:
Jonathan Katz
University of Maryland, USA
,
Giovanni Vigna
University of California-Santa Barbara, USA

Copyright © 2020 Owner/Author.

Permission to make digital or hard copies of part or all of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for third-party components of this work must be honored. For all other uses, contact the Owner/Author.

Sponsors

SIGSAC: ACM Special Interest Group on Security, Audit, and Control

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 02 November 2020

Check for updates

Author Tags

Qualifiers

Poster

Conference

CCS '20

Sponsor:

SIGSAC

CCS '20: 2020 ACM SIGSAC Conference on Computer and Communications Security

November 9 - 13, 2020

Virtual Event, USA

Acceptance Rates

Overall Acceptance Rate 1,261 of 6,999 submissions, 18%

Upcoming Conference

CCS '25

Sponsor:
sigsac

ACM SIGSAC Conference on Computer and Communications Security

October 13 - 17, 2025

Taipei , Taiwan

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

14
Total Citations
View Citations
807
Total Downloads

Downloads (Last 12 months)106
Downloads (Last 6 weeks)25

Reflects downloads up to 15 Jan 2025

Other Metrics

View Author Metrics

Citations

Cited By

Lu JLi WSun JXiao RLiao B(2024)Secure and Real-Time Traceable Data Sharing in Cloud-Assisted IoTIEEE Internet of Things Journal10.1109/JIOT.2023.331476411:4(6521-6536)Online publication date: 15-Feb-2024
https://doi.org/10.1109/JIOT.2023.3314764
Tian L(2024)Next career recommendation in Mississippi with artificial intelligenceJournal of Computational and Applied Mathematics10.1016/j.cam.2023.115458437(115458)Online publication date: Feb-2024
https://doi.org/10.1016/j.cam.2023.115458
Zhao ZSrinivasa SVasilomanolakis EAlmgren MFernandes E(2023)SweetCam: an IP Camera HoneypotProceedings of the 5th Workshop on CPS&IoT Security and Privacy10.1145/3605758.3623495(75-81)Online publication date: 26-Nov-2023
https://dl.acm.org/doi/10.1145/3605758.3623495
Auti APagar SMishra VMakwana JBorade S(2023)HoneyTrack: An improved honeypot2023 IEEE International Students' Conference on Electrical, Electronics and Computer Science (SCEECS)10.1109/SCEECS57921.2023.10063105(1-6)Online publication date: 18-Feb-2023
https://doi.org/10.1109/SCEECS57921.2023.10063105
Junges PFrançois JFestor O(2023)HiFiPot: a High-Fidelity Emulation Framework for Internet of Things HoneypotsNOMS 2023-2023 IEEE/IFIP Network Operations and Management Symposium10.1109/NOMS56928.2023.10154359(1-9)Online publication date: 8-May-2023
https://doi.org/10.1109/NOMS56928.2023.10154359
Sethuraman SJadapalli TSudhakaran DMohanty S(2023)Flow based containerized honeypot approach for network traffic analysis: An empirical studyComputer Science Review10.1016/j.cosrev.2023.10060050(100600)Online publication date: Nov-2023
https://doi.org/10.1016/j.cosrev.2023.100600
Srinivasa SPedersen JVasilomanolakis E(2022)Interaction matters: a comprehensive analysis and a dataset of hybrid IoT/OT honeypotsProceedings of the 38th Annual Computer Security Applications Conference10.1145/3564625.3564645(742-755)Online publication date: 5-Dec-2022
https://dl.acm.org/doi/10.1145/3564625.3564645
Zimmermann TLanfer EAschenbruck N(2022)Developing a Scalable Network of High-Interaction Threat Intelligence Sensors for IoT Security2022 IEEE 47th Conference on Local Computer Networks (LCN)10.1109/LCN53696.2022.9843744(251-253)Online publication date: 26-Sep-2022
https://doi.org/10.1109/LCN53696.2022.9843744
Guan CChen XCao GZhu SPorta T(2022)HoneyCam: Scalable High-Interaction Honeypot for IoT Cameras Based on 360-Degree Video2022 IEEE Conference on Communications and Network Security (CNS)10.1109/CNS56114.2022.9947265(82-90)Online publication date: 3-Oct-2022
https://doi.org/10.1109/CNS56114.2022.9947265
Ellouh MGhaleb MFelemban M(2022)IoTZeroJar: Towards a Honeypot Architecture for Detection of Zero-Day Attacks in IoT2022 14th International Conference on Computational Intelligence and Communication Networks (CICN)10.1109/CICN56167.2022.10008323(765-771)Online publication date: 4-Dec-2022
https://doi.org/10.1109/CICN56167.2022.10008323
Show More Cited By

View Options

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

View options

PDF

View or Download as a PDF file.

eReader

View online with eReader.

Media

Figures

Other

Tables

View Table of Contents