ThingPot: an interactive Internet-of-Things honeypot
Meng Wang, Javier Santillan, Fernando Kuipers
TL;DR
This paper introduces ThingPot, an innovative IoT honeypot that simulates entire IoT platforms to study attacker behavior, revealing five attack types over 1.5 months of deployment.
Contribution
It presents the first honeypot focusing on whole IoT platforms, enabling detailed analysis of attack strategies against IoT devices.
Findings
Identified five attack types and vectors against IoT devices
Deployed for 1.5 months, capturing real attacker behavior
Open-sourced the honeypot for community use
Abstract
The Mirai Distributed Denial-of-Service (DDoS) attack exploited security vulnerabilities of Internet-of-Things (IoT) devices and thereby clearly signalled that attackers have IoT on their radar. Securing IoT is therefore imperative, but in order to do so it is crucial to understand the strategies of such attackers. For that purpose, in this paper, a novel IoT honeypot called ThingPot is proposed and deployed. Honeypot technology mimics devices that might be exploited by attackers and logs their behavior to detect and analyze the used attack vectors. ThingPot is the first of its kind, since it focuses not only on the IoT application protocols themselves, but on the whole IoT platform. A Proof-of-Concept is implemented with XMPP and a REST API, to mimic a Philips Hue smart lighting system. ThingPot has been deployed for 1.5 months and through the captured data we have found five types of…
Peer Reviews
No public reviews on file for this paper yet. If you reviewed it on a platform where reviews are public (OpenReview, ICLR, NeurIPS, ICML), you can paste yours below so the community can read it here.
Videos
No videos yet. Explain this paper in a talk, walkthrough, or lecture? Add one.
Taxonomy
TopicsNetwork Security and Intrusion Detection · Advanced Malware Detection Techniques · Bluetooth and Wireless Communication Technologies