Gotham Testbed: a Reproducible IoT Testbed for Security Experiments and Dataset Generation

TL;DR

Gotham is a reproducible, flexible IoT testbed designed for security experiments, enabling the generation of up-to-date datasets and testing of security solutions against realistic IoT attack scenarios.

Contribution

The paper introduces Gotham, a customizable IoT testbed that facilitates reproducible security experiments and dataset creation for evolving IoT environments.

Findings

Built a testbed with 100 emulated IoT devices and diverse attack scenarios.

Generated datasets reflecting current IoT threats and architectures.

Demonstrated Gotham's extensibility for future research and scenario sharing.

Abstract

The growing adoption of the Internet of Things (IoT) has brought a significant increase in attacks targeting those devices. Machine learning (ML) methods have shown promising results for intrusion detection; however, the scarcity of IoT datasets remains a limiting factor in developing ML-based security systems for IoT scenarios. Static datasets get outdated due to evolving IoT architectures and threat landscape; meanwhile, the testbeds used to generate them are rarely published. This paper presents the Gotham testbed, a reproducible and flexible security testbed extendable to accommodate new emulated devices, services or attackers. Gotham is used to build an IoT scenario composed of 100 emulated devices communicating via MQTT, CoAP and RTSP protocols, among others, in a topology composed of 30 switches and 10 routers. The scenario presents three threat actors, including the entire Mirai botnet lifecycle and additional red-teaming tools performing DoS, scanning, and attacks targeting IoT protocols. The testbed has many purposes, including a cyber range, testing security solutions, and capturing network and application data to generate datasets. We hope that researchers can leverage and adapt Gotham to include other devices, state-of-the-art attacks and topologies to share scenarios and datasets that reflect the current IoT settings and threat landscape.