RIoTPot: a modular hybrid-interaction IoT/OT honeypot

Shreyas Srinivasa; Jens Myrup Pedersen; Emmanouil Vasilomanolakis

doi:10.1007/978-3-030-88428-4

RIoTPot: a modular hybrid-interaction IoT/OT honeypot

Shreyas Srinivasa, Jens Myrup Pedersen, Emmanouil Vasilomanolakis

Publikation: Bidrag til bog/antologi/rapport/konference proceeding › Konferenceartikel i proceeding › Forskning › peer review

162 Downloads (Pure)

Abstract

Honeypots are often used as a proactive attack detection mechanism and as a source of threat intelligence data. However, many honeypots are poorly maintained and cumbersome to extend. Moreover, low-interaction honeypots are prone to fingerprinting attacks due to their limited emulation capabilities. Nonetheless, low-interaction honeypots are essential for environments with limited resources. In this paper, we introduce RIoTPot, a modular and hybrid-interaction honeypot for Internet-of-Things (IoT) and Operational Technology (OT) protocols mainly used in Industrial Control System environments.
RIoTPot's modularity comes as a result of plug-n-play container services while its hybrid-interaction capability enables users to switch between low- and high-interaction modes. We deploy RIoTPot on the Internet, receive a large amount of attacks and discuss the results received on both low- and high-interaction modes.

Originalsprog	Engelsk
Titel	Computer Security – ESORICS 2021 : 26th European Symposium on Research in Computer Security, Darmstadt, Germany, October 4–8, 2021, Proceedings, Part II
Antal sider	7
Vol/bind	2
Forlag	Springer
Publikationsdato	2021
Sider	745-751
ISBN (Trykt)	978-3-030-88427-7
ISBN (Elektronisk)	978-3-030-88428-4
DOI	https://doi.org/10.1007/978-3-030-88428-4
Status	Udgivet - 2021
Begivenhed	Computer Security – ESORICS 2021 - Darmstadt, Tyskland Varighed: 4 okt. 2021 → 8 okt. 2021

Konference

Konference	Computer Security – ESORICS 2021
Land/Område	Tyskland
By	Darmstadt
Periode	04/10/2021 → 08/10/2021

Navn	Lecture Notes in Computer Science
Vol/bind	12973
ISSN	0302-9743

Adgang til dokumentet

10.1007/978-3-030-88428-4

riotpot_camera-readyForlagets udgivne version, 449 KB

AUB Link

Søg efter materialet i Aalborg Universitetsbiblioteks søgemaskine

Citationsformater

Srinivasa, Shreyas ; Pedersen, Jens Myrup ; Vasilomanolakis, Emmanouil. / RIoTPot : a modular hybrid-interaction IoT/OT honeypot. Computer Security – ESORICS 2021: 26th European Symposium on Research in Computer Security, Darmstadt, Germany, October 4–8, 2021, Proceedings, Part II. Bind 2 Springer, 2021. s. 745-751 (Lecture Notes in Computer Science, Bind 12973).

@inproceedings{eb5026c4d31d46f5a5a3a69a997dd63a,

title = "RIoTPot: a modular hybrid-interaction IoT/OT honeypot",

abstract = "Honeypots are often used as a proactive attack detection mechanism and as a source of threat intelligence data. However, many honeypots are poorly maintained and cumbersome to extend. Moreover, low-interaction honeypots are prone to fingerprinting attacks due to their limited emulation capabilities. Nonetheless, low-interaction honeypots are essential for environments with limited resources. In this paper, we introduce RIoTPot, a modular and hybrid-interaction honeypot for Internet-of-Things (IoT) and Operational Technology (OT) protocols mainly used in Industrial Control System environments. RIoTPot's modularity comes as a result of plug-n-play container services while its hybrid-interaction capability enables users to switch between low- and high-interaction modes. We deploy RIoTPot on the Internet, receive a large amount of attacks and discuss the results received on both low- and high-interaction modes. ",

keywords = "Honeypots, Modular, Hybrid, Network Security",

author = "Shreyas Srinivasa and Pedersen, {Jens Myrup} and Emmanouil Vasilomanolakis",

note = "Poster; Computer Security – ESORICS 2021 ; Conference date: 04-10-2021 Through 08-10-2021",

year = "2021",

doi = "10.1007/978-3-030-88428-4",

language = "English",

isbn = "978-3-030-88427-7",

volume = "2",

series = "Lecture Notes in Computer Science",

publisher = "Springer",

pages = "745--751",

booktitle = "Computer Security – ESORICS 2021",

address = "Germany",

}

Srinivasa, S , Pedersen, JM & Vasilomanolakis, E 2021, RIoTPot: a modular hybrid-interaction IoT/OT honeypot. i Computer Security – ESORICS 2021: 26th European Symposium on Research in Computer Security, Darmstadt, Germany, October 4–8, 2021, Proceedings, Part II. bind 2, Springer, Lecture Notes in Computer Science, bind 12973, s. 745-751, Computer Security – ESORICS 2021, Darmstadt, Hesse, Tyskland, 04/10/2021. https://doi.org/10.1007/978-3-030-88428-4

RIoTPot: a modular hybrid-interaction IoT/OT honeypot. / Srinivasa, Shreyas ; Pedersen, Jens Myrup; Vasilomanolakis, Emmanouil.
Computer Security – ESORICS 2021: 26th European Symposium on Research in Computer Security, Darmstadt, Germany, October 4–8, 2021, Proceedings, Part II. Bind 2 Springer, 2021. s. 745-751 (Lecture Notes in Computer Science, Bind 12973).

Publikation: Bidrag til bog/antologi/rapport/konference proceeding › Konferenceartikel i proceeding › Forskning › peer review

TY - GEN

T1 - RIoTPot

T2 - Computer Security – ESORICS 2021

AU - Srinivasa, Shreyas

AU - Pedersen, Jens Myrup

AU - Vasilomanolakis, Emmanouil

N1 - Poster

PY - 2021

Y1 - 2021

N2 - Honeypots are often used as a proactive attack detection mechanism and as a source of threat intelligence data. However, many honeypots are poorly maintained and cumbersome to extend. Moreover, low-interaction honeypots are prone to fingerprinting attacks due to their limited emulation capabilities. Nonetheless, low-interaction honeypots are essential for environments with limited resources. In this paper, we introduce RIoTPot, a modular and hybrid-interaction honeypot for Internet-of-Things (IoT) and Operational Technology (OT) protocols mainly used in Industrial Control System environments. RIoTPot's modularity comes as a result of plug-n-play container services while its hybrid-interaction capability enables users to switch between low- and high-interaction modes. We deploy RIoTPot on the Internet, receive a large amount of attacks and discuss the results received on both low- and high-interaction modes.

AB - Honeypots are often used as a proactive attack detection mechanism and as a source of threat intelligence data. However, many honeypots are poorly maintained and cumbersome to extend. Moreover, low-interaction honeypots are prone to fingerprinting attacks due to their limited emulation capabilities. Nonetheless, low-interaction honeypots are essential for environments with limited resources. In this paper, we introduce RIoTPot, a modular and hybrid-interaction honeypot for Internet-of-Things (IoT) and Operational Technology (OT) protocols mainly used in Industrial Control System environments. RIoTPot's modularity comes as a result of plug-n-play container services while its hybrid-interaction capability enables users to switch between low- and high-interaction modes. We deploy RIoTPot on the Internet, receive a large amount of attacks and discuss the results received on both low- and high-interaction modes.

KW - Honeypots

KW - Modular

KW - Hybrid

KW - Network Security

U2 - 10.1007/978-3-030-88428-4

DO - 10.1007/978-3-030-88428-4

M3 - Article in proceeding

SN - 978-3-030-88427-7

VL - 2

T3 - Lecture Notes in Computer Science

SP - 745

EP - 751

BT - Computer Security – ESORICS 2021

PB - Springer

Y2 - 4 October 2021 through 8 October 2021

ER -

Srinivasa S , Pedersen JM, Vasilomanolakis E. RIoTPot: a modular hybrid-interaction IoT/OT honeypot. I Computer Security – ESORICS 2021: 26th European Symposium on Research in Computer Security, Darmstadt, Germany, October 4–8, 2021, Proceedings, Part II. Bind 2. Springer. 2021. s. 745-751. (Lecture Notes in Computer Science, Bind 12973). doi: 10.1007/978-3-030-88428-4

RIoTPot: a modular hybrid-interaction IoT/OT honeypot

Abstract

Konference

Adgang til dokumentet

AUB Link

Fingeraftryk

Citationsformater