Interaction matters: a comprehensive analysis and a dataset of hybrid IoT/OT honeypots

Shreyas Srinivasa, Jens Myrup Pedersen, Emmanouil Vasilomanolakis

Research output: Chapter in Book/Report/Conference proceedingArticle in proceedingsResearchpeer-review

224 Downloads (Pure)

Abstract

The Internet of things (IoT) and critical infrastructure utilizing operational technology (OT) protocols are nowadays a common attack target and/or attack surface used to further propagate malicious actions. Deception techniques such as honeypots have been proposed for both IoT and OT but they either lack an extensive evaluation or are subject to fingerprinting attacks. In this paper, we extend and evaluate RIoTPot, a hybrid-interaction honeypot, by exposing it to attacks on the Internet and perform a longitudinal study with multiple evaluation parameters for three months. Furthermore, we publish the aforementioned study in the form of a dataset that is available to researchers upon request. We leverage RIoTPot’s hybrid-interaction model to deploy it in three interaction variants with six protocols deployed on both cloud and self-hosted infrastructure to study and compare the attacks gathered. At a glance, we receive 10.87 million attack events originating from 22, 518 unique IP addresses that involve brute-force, poisoning, multistage and other attacks. Moreover, we fingerprint the attacker IP addresses to identify the type of devices who participate in the attacks. Lastly, our results indicate that the honeypot interaction levels have an important role in attracting specific attacks and scanning probes.
Original languageEnglish
Title of host publicationProceedings of the 38th Annual Computer Security Applications Conference
PublisherAssociation for Computing Machinery
Publication date2022
Pages742–755
ISBN (Print)978-1-4503-9759-9
DOIs
Publication statusPublished - 2022
Event38th Annual Computer Security Applications Conference - AT&T Conference Center, Austin, United States
Duration: 5 Dec 20229 Dec 2022
https://www.acsac.org/

Conference

Conference38th Annual Computer Security Applications Conference
LocationAT&T Conference Center
Country/TerritoryUnited States
CityAustin
Period05/12/202209/12/2022
Internet address

Fingerprint

Dive into the research topics of 'Interaction matters: a comprehensive analysis and a dataset of hybrid IoT/OT honeypots'. Together they form a unique fingerprint.

Cite this