RIoTPot: a modular hybrid-interaction IoT/OT honeypot

Research output: Contribution to book/anthology/report/conference proceedingArticle in proceedingResearchpeer-review

1 Downloads (Pure)


Honeypots are often used as a proactive attack detection mechanism and as a source of threat intelligence data. However, many honeypots are poorly maintained and cumbersome to extend. Moreover, low-interaction honeypots are prone to fingerprinting attacks due to their limited emulation capabilities. Nonetheless, low-interaction honeypots are essential for environments with limited resources. In this paper, we introduce RIoTPot, a modular and hybrid-interaction honeypot for Internet-of-Things (IoT) and Operational Technology (OT) protocols mainly used in Industrial Control System environments.
RIoTPot's modularity comes as a result of plug-n-play container services while its hybrid-interaction capability enables users to switch between low- and high-interaction modes. We deploy RIoTPot on the Internet, receive a large amount of attacks and discuss the results received on both low- and high-interaction modes.
Original languageEnglish
Title of host publication26th European Symposium on Research in Computer Security (ESORICS) 2021
Number of pages7
Publication date2021
ISBN (Print) 978-3-030-88427-7
ISBN (Electronic)978-3-030-88428-4
Publication statusPublished - 2021
EventComputer Security – ESORICS 2021 - Darmstadt, Germany
Duration: 4 Oct 20218 Oct 2021


ConferenceComputer Security – ESORICS 2021


  • Honeypots
  • Modular
  • Hybrid
  • Network Security


Dive into the research topics of 'RIoTPot: a modular hybrid-interaction IoT/OT honeypot'. Together they form a unique fingerprint.

Cite this