RIoTPot: a modular hybrid-interaction IoT/OT honeypot

Shreyas Srinivasa; Jens Myrup Pedersen; Emmanouil Vasilomanolakis

doi:10.1007/978-3-030-88428-4

RIoTPot: a modular hybrid-interaction IoT/OT honeypot

Shreyas Srinivasa, Jens Myrup Pedersen, Emmanouil Vasilomanolakis

Research output: Contribution to book/anthology/report/conference proceeding › Article in proceeding › Research › peer-review

97 Downloads (Pure)

Abstract

Honeypots are often used as a proactive attack detection mechanism and as a source of threat intelligence data. However, many honeypots are poorly maintained and cumbersome to extend. Moreover, low-interaction honeypots are prone to fingerprinting attacks due to their limited emulation capabilities. Nonetheless, low-interaction honeypots are essential for environments with limited resources. In this paper, we introduce RIoTPot, a modular and hybrid-interaction honeypot for Internet-of-Things (IoT) and Operational Technology (OT) protocols mainly used in Industrial Control System environments.
RIoTPot's modularity comes as a result of plug-n-play container services while its hybrid-interaction capability enables users to switch between low- and high-interaction modes. We deploy RIoTPot on the Internet, receive a large amount of attacks and discuss the results received on both low- and high-interaction modes.

Original language	English
Title of host publication	Computer Security – ESORICS 2021 : 26th European Symposium on Research in Computer Security, Darmstadt, Germany, October 4–8, 2021, Proceedings, Part II
Number of pages	7
Volume	2
Publisher	Springer
Publication date	2021
Pages	745-751
ISBN (Print)	978-3-030-88427-7
ISBN (Electronic)	978-3-030-88428-4
DOIs	https://doi.org/10.1007/978-3-030-88428-4
Publication status	Published - 2021
Event	Computer Security – ESORICS 2021 - Darmstadt, Germany Duration: 4 Oct 2021 → 8 Oct 2021

Conference

Conference	Computer Security – ESORICS 2021
Country/Territory	Germany
City	Darmstadt
Period	04/10/2021 → 08/10/2021

Series	Lecture Notes in Computer Science
Volume	12973
ISSN	0302-9743

Bibliographical note

Poster

Keywords

Honeypots
Modular
Hybrid
Network Security

Access to Document

10.1007/978-3-030-88428-4

riotpot_camera-readyFinal published version, 449 KB

AUB Link

Search for the material in Aalborg University Library's search engine

Cite this

Srinivasa, Shreyas ; Pedersen, Jens Myrup ; Vasilomanolakis, Emmanouil. / RIoTPot : a modular hybrid-interaction IoT/OT honeypot. Computer Security – ESORICS 2021: 26th European Symposium on Research in Computer Security, Darmstadt, Germany, October 4–8, 2021, Proceedings, Part II. Vol. 2 Springer, 2021. pp. 745-751 (Lecture Notes in Computer Science, Vol. 12973).

@inproceedings{eb5026c4d31d46f5a5a3a69a997dd63a,

title = "RIoTPot: a modular hybrid-interaction IoT/OT honeypot",

abstract = "Honeypots are often used as a proactive attack detection mechanism and as a source of threat intelligence data. However, many honeypots are poorly maintained and cumbersome to extend. Moreover, low-interaction honeypots are prone to fingerprinting attacks due to their limited emulation capabilities. Nonetheless, low-interaction honeypots are essential for environments with limited resources. In this paper, we introduce RIoTPot, a modular and hybrid-interaction honeypot for Internet-of-Things (IoT) and Operational Technology (OT) protocols mainly used in Industrial Control System environments. RIoTPot's modularity comes as a result of plug-n-play container services while its hybrid-interaction capability enables users to switch between low- and high-interaction modes. We deploy RIoTPot on the Internet, receive a large amount of attacks and discuss the results received on both low- and high-interaction modes. ",

keywords = "Honeypots, Modular, Hybrid, Network Security",

author = "Shreyas Srinivasa and Pedersen, {Jens Myrup} and Emmanouil Vasilomanolakis",

note = "Poster; Computer Security – ESORICS 2021 ; Conference date: 04-10-2021 Through 08-10-2021",

year = "2021",

doi = "10.1007/978-3-030-88428-4",

language = "English",

isbn = "978-3-030-88427-7",

volume = "2",

series = "Lecture Notes in Computer Science",

publisher = "Springer",

pages = "745--751",

booktitle = "Computer Security – ESORICS 2021",

address = "Germany",

}

Srinivasa, S , Pedersen, JM & Vasilomanolakis, E 2021, RIoTPot: a modular hybrid-interaction IoT/OT honeypot. in Computer Security – ESORICS 2021: 26th European Symposium on Research in Computer Security, Darmstadt, Germany, October 4–8, 2021, Proceedings, Part II. vol. 2, Springer, Lecture Notes in Computer Science, vol. 12973, pp. 745-751, Computer Security – ESORICS 2021, Darmstadt, Hesse, Germany, 04/10/2021. https://doi.org/10.1007/978-3-030-88428-4

RIoTPot: a modular hybrid-interaction IoT/OT honeypot. / Srinivasa, Shreyas ; Pedersen, Jens Myrup; Vasilomanolakis, Emmanouil.
Computer Security – ESORICS 2021: 26th European Symposium on Research in Computer Security, Darmstadt, Germany, October 4–8, 2021, Proceedings, Part II. Vol. 2 Springer, 2021. p. 745-751 (Lecture Notes in Computer Science, Vol. 12973).

Research output: Contribution to book/anthology/report/conference proceeding › Article in proceeding › Research › peer-review

TY - GEN

T1 - RIoTPot

T2 - Computer Security – ESORICS 2021

AU - Srinivasa, Shreyas

AU - Pedersen, Jens Myrup

AU - Vasilomanolakis, Emmanouil

N1 - Poster

PY - 2021

Y1 - 2021

N2 - Honeypots are often used as a proactive attack detection mechanism and as a source of threat intelligence data. However, many honeypots are poorly maintained and cumbersome to extend. Moreover, low-interaction honeypots are prone to fingerprinting attacks due to their limited emulation capabilities. Nonetheless, low-interaction honeypots are essential for environments with limited resources. In this paper, we introduce RIoTPot, a modular and hybrid-interaction honeypot for Internet-of-Things (IoT) and Operational Technology (OT) protocols mainly used in Industrial Control System environments. RIoTPot's modularity comes as a result of plug-n-play container services while its hybrid-interaction capability enables users to switch between low- and high-interaction modes. We deploy RIoTPot on the Internet, receive a large amount of attacks and discuss the results received on both low- and high-interaction modes.

AB - Honeypots are often used as a proactive attack detection mechanism and as a source of threat intelligence data. However, many honeypots are poorly maintained and cumbersome to extend. Moreover, low-interaction honeypots are prone to fingerprinting attacks due to their limited emulation capabilities. Nonetheless, low-interaction honeypots are essential for environments with limited resources. In this paper, we introduce RIoTPot, a modular and hybrid-interaction honeypot for Internet-of-Things (IoT) and Operational Technology (OT) protocols mainly used in Industrial Control System environments. RIoTPot's modularity comes as a result of plug-n-play container services while its hybrid-interaction capability enables users to switch between low- and high-interaction modes. We deploy RIoTPot on the Internet, receive a large amount of attacks and discuss the results received on both low- and high-interaction modes.

KW - Honeypots

KW - Modular

KW - Hybrid

KW - Network Security

U2 - 10.1007/978-3-030-88428-4

DO - 10.1007/978-3-030-88428-4

M3 - Article in proceeding

SN - 978-3-030-88427-7

VL - 2

T3 - Lecture Notes in Computer Science

SP - 745

EP - 751

BT - Computer Security – ESORICS 2021

PB - Springer

Y2 - 4 October 2021 through 8 October 2021

ER -

Srinivasa S , Pedersen JM, Vasilomanolakis E. RIoTPot: a modular hybrid-interaction IoT/OT honeypot. In Computer Security – ESORICS 2021: 26th European Symposium on Research in Computer Security, Darmstadt, Germany, October 4–8, 2021, Proceedings, Part II. Vol. 2. Springer. 2021. p. 745-751. (Lecture Notes in Computer Science, Vol. 12973). doi: 10.1007/978-3-030-88428-4

RIoTPot: a modular hybrid-interaction IoT/OT honeypot

Abstract

Conference

Bibliographical note

Keywords

Access to Document

AUB Link

Fingerprint

Cite this