HoneyIoT: Adaptive High-Interaction Honeypot for IoT Devices Through Reinforcement Learning

by Chongqi Guan, et al.

As IoT devices become widely deployed, IoT-based systems face many threats due to the devices' inherent vulnerabilities. One effective approach to improving IoT security is to deploy IoT honeypot systems, which can collect attack information and reveal the methods and strategies used by attackers. However, building high-interaction IoT honeypots is challenging due to the heterogeneity of IoT devices. Vulnerabilities in IoT devices typically depend on specific device types or firmware versions, which encourages attackers to perform pre-attack checks to gather device information before launching attacks. Moreover, conventional honeypots are easily detected because their replying logic differs from that of the IoT devices they try to mimic. To address these problems, we develop an adaptive high-interaction honeypot for IoT devices, called HoneyIoT. We first build a real-device-based attack trace collection system to learn how attackers interact with IoT devices. We then model the attack behavior as a Markov decision process and leverage reinforcement learning techniques to learn the best responses to engage attackers based on the attack trace. We also use differential analysis techniques to mutate response values in some fields to generate high-fidelity responses. HoneyIoT has been deployed on the public Internet. Experimental results show that HoneyIoT can effectively bypass the pre-attack checks and mislead the attackers into uploading malware. Furthermore, HoneyIoT is covert against widely used reconnaissance and honeypot detection tools.


