Interaction matters: a comprehensive analysis and a dataset of hybrid IoT/OT honeypots

Shreyas Srinivasa, Jens Myrup Pedersen, Emmanouil Vasilomanolakis*

*Corresponding author for this work

Research output: Contribution to book/anthology/report/conference proceedingArticle in proceedingResearchpeer-review

6 Citations (Scopus)
53 Downloads (Pure)

Abstract

The Internet of things (IoT) and critical infrastructure utilizing operational technology (OT) protocols are nowadays a common attack target and/or attack surface used to further propagate malicious actions. Deception techniques such as honeypots have been proposed for both IoT and OT but they either lack an extensive evaluation or are subject to fingerprinting attacks. In this paper, we extend and evaluate RIoTPot, a hybrid-interaction honeypot, by exposing it to attacks on the Internet and perform a longitudinal study with multiple evaluation parameters for three months. Furthermore, we publish the aforementioned study in the form of a dataset that is available to researchers upon request. We leverage RIoTPot's hybrid-interaction model to deploy it in three interaction variants with six protocols deployed on both cloud and self-hosted infrastructure to study and compare the attacks gathered. At a glance, we receive 10.87 million attack events originating from 22,518 unique IP addresses that involve brute-force, poisoning, multistage and other attacks. Moreover, we fingerprint the attacker IP addresses to identify the type of devices who participate in the attacks. Lastly, our results indicate that the honeypot interaction levels have an important role in attracting specific attacks and scanning probes.

Original languageEnglish
Title of host publicationProceedings of the 38th Annual Computer Security Applications Conference (ACSAC) 2022
Number of pages14
PublisherAssociation for Computing Machinery
Publication date5 Dec 2022
Pages742-755
ISBN (Electronic)9781450397599
DOIs
Publication statusPublished - 5 Dec 2022
EventAnnual Computer Security Applications Conference 2022 (ACSAC) - AT&T Conference Center, Austin, United States
Duration: 5 Dec 20229 Dec 2022

Conference

ConferenceAnnual Computer Security Applications Conference 2022 (ACSAC)
LocationAT&T Conference Center
Country/TerritoryUnited States
CityAustin
Period05/12/202209/12/2022

Keywords

  • Cyber Deception
  • Honeypots
  • Interaction
  • operation technology
  • deception
  • honeypots
  • IoT

Fingerprint

Dive into the research topics of 'Interaction matters: a comprehensive analysis and a dataset of hybrid IoT/OT honeypots'. Together they form a unique fingerprint.

Cite this