Abstract
The Internet of things (IoT) and critical infrastructure utilizing operational technology (OT) protocols are nowadays a common attack target and/or attack surface used to further propagate malicious actions. Deception techniques such as honeypots have been proposed for both IoT and OT but they either lack an extensive evaluation or are subject to fingerprinting attacks. In this paper, we extend and evaluate RIoTPot, a hybrid-interaction honeypot, by exposing it to attacks on the Internet and perform a longitudinal study with multiple evaluation parameters for three months. Furthermore, we publish the aforementioned study in the form of a dataset that is available to researchers upon request. We leverage RIoTPot's hybrid-interaction model to deploy it in three interaction variants with six protocols deployed on both cloud and self-hosted infrastructure to study and compare the attacks gathered. At a glance, we receive 10.87 million attack events originating from 22,518 unique IP addresses that involve brute-force, poisoning, multistage and other attacks. Moreover, we fingerprint the attacker IP addresses to identify the type of devices who participate in the attacks. Lastly, our results indicate that the honeypot interaction levels have an important role in attracting specific attacks and scanning probes.
Originalsprog | Engelsk |
---|---|
Titel | Proceedings of the 38th Annual Computer Security Applications Conference (ACSAC) 2022 |
Antal sider | 14 |
Forlag | Association for Computing Machinery |
Publikationsdato | 5 dec. 2022 |
Sider | 742-755 |
ISBN (Elektronisk) | 9781450397599 |
DOI | |
Status | Udgivet - 5 dec. 2022 |
Begivenhed | Annual Computer Security Applications Conference 2022 (ACSAC) - AT&T Conference Center, Austin, USA Varighed: 5 dec. 2022 → 9 dec. 2022 |
Konference
Konference | Annual Computer Security Applications Conference 2022 (ACSAC) |
---|---|
Lokation | AT&T Conference Center |
Land/Område | USA |
By | Austin |
Periode | 05/12/2022 → 09/12/2022 |
Fingeraftryk
Dyk ned i forskningsemnerne om 'Interaction matters: a comprehensive analysis and a dataset of hybrid IoT/OT honeypots'. Sammen danner de et unikt fingeraftryk.Forskningsdatasæt
-
A dataset of hybrid IoT/OT honeypots
Srinivasa, S. (Ophavsperson), Pedersen, J. M. (Ophavsperson) & Vasilomanolakis, E. (Ophavsperson), Technical University of Denmark, 2022
DOI: 10.11583/dtu.21088651.v1, https://data.dtu.dk/articles/dataset/A_dataset_of_hybrid_IoT_OT_honeypots/21088651/1
Datasæt
-
A dataset of hybrid IoT/OT honeypots
Srinivasa, S. (Ophavsperson), Pedersen, J. M. (Ophavsperson) & Vasilomanolakis, E. (Ophavsperson), Technical University of Denmark, 2022
DOI: 10.11583/dtu.21088651, https://data.dtu.dk/articles/dataset/A_dataset_of_hybrid_IoT_OT_honeypots/21088651
Datasæt