IoTFlowGenerator: Crafting Synthetic IoT Device Traffic Flows for Cyber Deception

TL;DR

This paper introduces IoTFlowGenerator, a deep learning-based tool that creates realistic synthetic IoT device traffic to improve honeypots and cyber deception by mimicking genuine network interactions, even against adaptive attackers.

Contribution

It presents a novel generative adversarial network approach tailored for IoT traffic, addressing data scarcity and enhancing the realism of synthetic network flows for honeypots.

Findings

Outperforms existing traffic generators in realism

Effectively mimics real IoT device traffic

Remains indistinguishable from real traffic to attackers

Abstract

Over the years, honeypots emerged as an important security tool to understand attacker intent and deceive attackers to spend time and resources. Recently, honeypots are being deployed for Internet of things (IoT) devices to lure attackers, and learn their behavior. However, most of the existing IoT honeypots, even the high interaction ones, are easily detected by an attacker who can observe honeypot traffic due to lack of real network traffic originating from the honeypot. This implies that, to build better honeypots and enhance cyber deception capabilities, IoT honeypots need to generate realistic network traffic flows. To achieve this goal, we propose a novel deep learning based approach for generating traffic flows that mimic real network traffic due to user and IoT device interactions. A key technical challenge that our approach overcomes is scarcity of device-specific IoT traffic data to effectively train a generator. We address this challenge by leveraging a core generative adversarial learning algorithm for sequences along with domain specific knowledge common to IoT devices. Through an extensive experimental evaluation with 18 IoT devices, we demonstrate that the proposed synthetic IoT traffic generation tool significantly outperforms state of the art sequence and packet generators in remaining indistinguishable from real traffic even to an adaptive attacker.