1 research outputs found
A First Step Towards Understanding Real-world Attacks on IoT Devices
With the rapid growth of Internet of Things (IoT) devices, it is imperative
to proactively understand the real-world cybersecurity threats posed to them.
This paper describes our initial efforts towards building a honeypot ecosystem
as a means to gathering and analyzing real attack data against IoT devices. A
primary condition for a honeypot to yield useful insights is to let attackers
believe they are real systems used by humans and organizations. IoT devices
pose unique challenges in this respect, due to the large variety of device
types and the physical-connectedness nature. We thus create a multiphased
approach in building a honeypot ecosystem, where researchers can gradually
increase a low-interaction honeypot's sophistication in emulating an IoT device
by observing real-world attackers' behaviors. We deployed honeypots both
on-premise and in the cloud, with associated analysis and vetting
infrastructures to ensure these honeypots cannot be easily identified as such
and appear to be real systems. In doing so we were able to attract increasingly
sophisticated attack data. We present the design of this honeypot ecosystem and
our observation on the attack data so far. Our data shows that real-world
attackers are explicitly going after IoT devices, and some captured activities
seem to involve direct human interaction (as opposed to scripted automatic
activities). We also build a low interaction honeypot for IoT cameras, called
Honeycamera, that present to attackers seemingly real videos. This is our first
step towards building a more comprehensive honeypot ecosystem that will allow
researchers to gain concrete understanding of what attackers are going after on
IoT devices, so as to more proactively protect them