Attack Detection and Forensics Using Honeypot in IoT Environment

Shrivastava, Rajesh; Bashir, Bazila; Hota, Chittaranjan

doi:10.1007/978-3-030-05366-6_33

Cited by 37 publications

(24 citation statements)

References 11 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Honeypot technology [ 23 ] deploys some hosts and network services as decoys to induce attackers to carry out attacks, thereby capturing and analyzing the attack behaviors, understanding the tools and methods used by the supplier, and speculating the intention and motivation of the attack, thereby enhancing its security protection capabilities [ 24 ]. However, it is difficult to deploy a honeypot environment that is not readily perceivable by intruders [ 25 ].…”

Section: Related Workmentioning

confidence: 99%

Towards Double Defense Network Security Based on Multi-Identifier Network Architecture

Wang

Smahi

Zhang

et al. 2022

Sensors

View full text Add to dashboard Cite

Recently, more and more mobile devices have been connected to the Internet. The Internet environment is complicated, and network security incidents emerge endlessly. Traditional blocking and killing passive defense measures cannot fundamentally meet the network security requirements. Inspired by the heuristic establishment of multiple lines of defense in immunology, we designed and prototyped a Double Defense strategy with Endogenous Safety and Security (DDESS) based on multi-identifier network (MIN) architecture. DDESS adopts the idea of a zero-trust network, with identity authentication as the core for access control, which solves security problems of traditional IP networks. In addition, DDESS achieves individual static security defense through encryption and decryption, consortium blockchain, trusted computing whitelist, and remote attestation strategies. At the same time, with the dynamic collection of data traffic and access logs, as well as the understanding and prediction of the situation, DDESS can realize the situation awareness of network security and the cultivation of immune vaccines against unknown network attacks, thus achieving the active herd defense of network security.

show abstract

Section: Related Workmentioning

confidence: 99%

Towards Double Defense Network Security Based on Multi-Identifier Network Architecture

Wang

Smahi

Zhang

et al. 2022

Sensors

View full text Add to dashboard Cite

show abstract

“…It supports integration to ElasticSearch, LogStash, and Kibana for logging, storage, and visualization. It has been used in the IoT honeypot research for Metognon et al [60], IRASSH-T [64], ML-Enhanced Cowrie [66], and Lingenfelter et al [67].…”

Section: A General Application Honeypotsmentioning

confidence: 99%

“…Telnet and SSH Attacks: Shrivastava et al [66] focused on the use of Cowrie Honeypot to detect attacks on IoT devices and created a Machine Learning (ML)-Enhanced Cowrie. They opened the Telnet and SSH ports, and classified requests as malicious payload, SSH attack, XOR DDoS, suspicious, spying, or clean (non-malicious).…”

Section: Semic and Mrdovicmentioning

confidence: 99%

“…Considering the studies, we see that ML techniques have been employed by a limited number of honeypot/honeynet works for configuration and data analysis purposes. Although eight studies ( [55]- [57], [64], [66], [67], [70], [72]) employed ML for IoT honeypots/honeynets, we see that only one study [111] used ML techniques for IIoT and CPS honeypots. We believe that future IoT, IIoT, and CPS honeypots and honeynets can benefit from ML techniques to propose smarter decoy systems that can i) adapt themselves based on the actions of attackers, ii) discriminate known attacks from new attacks thus enable researchers to focus more on novel threats, and iii) increase the efficiency and prevalence of honeypots and honeynets.…”

Section: Machine Learningmentioning

confidence: 99%

See 1 more Smart Citation

A Survey of Honeypots and Honeynets for Internet of Things, Industrial Internet of Things, and Cyber-Physical Systems

Franco¹,

Arış²,

Canberk³

et al. 2021

Preprint

View full text Add to dashboard Cite

The Internet of Things (IoT), the Industrial Internet of Things (IIoT), and Cyber-Physical Systems (CPS) have become essential for our daily lives in contexts such as our homes, buildings, cities, health, transportation, manufacturing, infrastructure, and agriculture. However, they have become popular targets of attacks, due to their inherent limitations which create vulnerabilities. Honeypots and honeynets can prove essential to understand and defend against attacks on IoT, IIoT, and CPS environments by attracting attackers and deceiving them into thinking that they have gained access to the real systems. Honeypots and honeynets can complement other security solutions (i.e., firewalls, Intrusion Detection Systems -IDS) to form a strong defense against malicious entities. This paper provides a comprehensive survey of the research that has been carried out on honeypots and honeynets for IoT, IIoT, and CPS. It provides a taxonomy and extensive analysis of the existing honeypots and honeynets, states key design factors for the state-of-the-art honeypot/honeynet research and outlines open issues for future honeypots and honeynets for IoT, IIoT, and CPS environments.

show abstract

“…Shrivastava et al [24] analyzed commands input into the compromised shell of a Cowrie honeypot [25] to classify different types of attacks. They have classified all the commands into 4 categories -malicious, DDOS, SSH and spying.…”

Section: Related Workmentioning

confidence: 99%

Modeling and Analyzing Attacker Behavior in IoT Botnet using Temporal Convolution Network (TCN)

Sadique¹,

Sengupta²

2021

Preprint

View full text Add to dashboard Cite

Traditional reactive approach of blacklisting botnets fails to adapt to the rapidly evolving landscape of cyberattacks. An automated and proactive approach to detect and block botnet hosts will immensely benefit the industry. Behavioral analysis of attackers is shown to be effective against a wide variety of attack types. Previous works, however, focus solely on anomalies in network traffic to detect bots and botnet. In this work we take a more robust approach of analyzing the heterogeneous events including network traffic, file download events, SSH logins and chain of commands input by attackers in a compromised host. We have deployed several honeypots to simulate Linux shells and allowed attackers access to the shells. We have collected a large dataset of heterogeneous threat events from the honeypots. We have then combined and modeled the heterogeneous threat data to analyze attacker behavior. Then we have used a deep learning architecture called a Temporal Convolutional Network (TCN) to do sequential and predictive analysis on the data. A prediction accuracy of 85 − 97% validates our data model as well as our analysis methodology. In this work, we have also developed an automated mechanism to collect and analyze these data. For the automation we have used CYbersecurity information Exchange (CYBEX). Finally, we have compared TCN with Long Short-Term Memory (LSTM) and Gated Recurrent Unit (GRU) and have showed that TCN outperforms LSTM and GRU for the task at hand.

show abstract

Attack Detection and Forensics Using Honeypot in IoT Environment

Cited by 37 publications

References 11 publications

Towards Double Defense Network Security Based on Multi-Identifier Network Architecture

Towards Double Defense Network Security Based on Multi-Identifier Network Architecture

A Survey of Honeypots and Honeynets for Internet of Things, Industrial Internet of Things, and Cyber-Physical Systems

Modeling and Analyzing Attacker Behavior in IoT Botnet using Temporal Convolution Network (TCN)

Contact Info

Product

Resources

About