Abstract
A honeypot is a controlled and secure environment to examine different threats and understand attack patterns. Due to the highly dynamic environments, the growing adoption and use of Internet of Things (IoT) devices make configuring honeypots complex. One of the current literature challenges is the need for a honeypot not to be detected by attackers, namely due to the delays that are required to make requests to external and remote servers. This work focuses on deploying honeypots virtually on IOT devices. With this technology, we can use endpoints to send specific honeypots on recent known vulnerabilities on IOT devices to find and notify attacks within the network, as much of this information is verified and made freely available by government entities. Unlike other approaches, the idea is not to have a fixed honeypot but a set of devices that can be used at any time as a honeypot (adapted to the latest threat) to test the network for a possible problem and then report to Threat Sharing Platform (TSP).
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
References
DShield Honeypot. https://isc.sans.edu/honeypot.html. Accessed 25 Jan 2022
LXD - Introduction. https://linuxcontainers.org/lxd/introduction/. Accessed on 26 July 2021
Malware Statistics & Trends Report. https://www.av-test.org/en/statistics/malware/. Accessed 26 Jan 2021
Opencanary honeypot. https://opencanary.readthedocs.io/en/latest/. Accessed 25 Jan 2022
Virtualization-based Sandboxes are vulnerable to advanced malware. https://www.lastline.com/blog/virtualization-based-sandboxes/. Accessed 28 May 2021
Artail, H., Safa, H., Sraj, M., Kuwatly, I., Al-Masri, Z.: A hybrid honeypot framework for improving intrusion detection systems in protecting organizational networks. J. Comput. Secur. 25(4), 274–288 (2006). https://doi.org/10.1016/j.cose.2006.02.009, https://www.sciencedirect.com/science/article/pii/S0167404806000587
Bellard, F.: QEMU, a fast and portable dynamic translator. In: USENIX Annual Technical Conference, FREENIX Track. vol. 41, p. 46. California, USA (2005)
Canonical: Multipass orchestrates virtual Ubuntu instances (2015). https://github.com/canonical/multipass. Accessed 20 July 2021
Catakoglu, O., Balduzzi, M., Balzarotti, D.: Automatic extraction of indicators of compromise for web applications. In: Proceedings of the 25th International Conference on World Wide Web, pp. 333–343 (2016)
Editors, I.I.: US adults added 1 hour of digital time in 2020, January 2021. https://www.emarketer.com/content/us-adults-added-1-hour-of-digital-time-2020. Accessed 19 Aug 2021
Franco, J., Aris, A., Canberk, B., Uluagac, A.S.: A survey of honeypots and honeynets for internet of things, industrial internet of things, and cyber-physical systems. IEEE Commun. Surv. Tutor. 23(4), 2351–2383 (2021)
Guo, M., Wang, J.A.: An ontology-based approach to model common vulnerabilities and exposures in information security. In: ASEE Southest Section Conference (2009)
Hu, Y., Nanda, A., Yang, Q.: Measurement, analysis and performance improvement of the Apache web server. In: 1999 IEEE International Performance, Computing and Communications Conference (Cat. No. 99CH36305), pp. 261–267. IEEE (1999)
Jafarian, J., Niakanlahiji, A.: Delivering Honeypots as a Service, January 2020. https://doi.org/10.24251/HICSS.2020.227
Javaid, A., Niyaz, Q., Sun, W., Alam, M.: A deep learning approach for network intrusion detection system. EAI Endor. Trans. Secur. Saf. 3(9), e2 (2016)
Khan, N.F., Mohan, M.M.: Honey pot as a service in cloud. Int. J. Pure Appl. Math. 118(20), 2883–2888 (2018)
Kostopoulos, A., et al.: Realising honeypot-as-a-service for smart home solutions. In: 2020 5th South-East Europe Design Automation, Computer Engineering, Computer Networks and Social Media Conference (SEEDA-CECNSM), pp. 1–6. IEEE (2020)
La, Q.D., Quek, T.Q., Lee, J., Jin, S., Zhu, H.: Deceptive attack and defense game in honeypot-enabled networks for the internet of things. IEEE Internet Things J. 3(6), 1025–1035 (2016)
López-Morales, E., et al.: Honeyplc: a next-generation honeypot for industrial control systems. In: Proceedings of the 2020 ACM SIGSAC Conference on Computer and Communications Security, pp. 279–291 (2020)
Mphago, B., Mpoeleng, D., Masupe, S.: Deception in web application honeypots: case of Glastopf. Int. J. Cyber-Secur. Digit. Foren. 6(4), 179–185 (2017)
Provos, N.: Honeyd - a virtual honeypot daemon. In: 10th DFN-CERT Workshop, Hamburg, Germany. vol. 2, p. 4 (2003)
Provos, N., et al.: A Virtual Honeypot Framework. In: USENIX Security Symposium, vol. 173, pp. 1–14, January 2004
PyMISP, G.: PyMISP - Python Library to access MISP. PyMISP. https://github.com/MISP/PyMISP. Accessed 20 Feb 2021
Senthil Kumaran, S.: Practical LXC and LXD: linux Containers for Virtualization and Orchestration. Springer, Cham (2017). https://doi.org/10.1007/978-1-4842-3024-4
Tirumala, A.: IPERF: the TCP/UDP bandwidth measurement tool (1999). http://dast.nlanr.net/Projects/Iperf/
Tools, K.Y.: Glastopf - a dynamic, lowinteraction web application honeypot (2010)
Wagner, C., Dulaunoy, A., Wagener, G., Iklody, A.: MISP: The design and implementation of a collaborative threat intelligence sharing platform. In: Proceedings of the 2016 ACM on Workshop on Information Sharing and Collaborative Security, pp. 49–56 (2016)
Acknowledgements
This work is financed by National Funds through the Portuguese funding agency, FCT - Fundação para a Ciência e a Tecnologia, within project LA/P/0063/2020.
The work of Simão Silva was partially funded by the SafeCities POCI-01-0247-FEDER-041435 project through COMPETE 2020 program. The work of Patrícia R. Sousa was partially supported by the Project “City Catalyst - Catalisador para cidades sustentáveis”, with reference POCI-01-0247-FEDER-046119, financed by Fundo Europeu de Desenvolvimento Regional (FEDER), through COMPETE 2020 and Portugal 2020 programs. João S. Resende’s work was partially supported by the EU H2020-SU-ICT-03-2018 Project No. 830929 CyberSec4Europe (cybersec4europe.eu). National Funds also partially supported this work through the Agência para a Modernização Administrativa, program POCI - Programa Operacional Competitividade e Internacionalização, within project POCI-05-5762-FSE-000229.1.
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2022 The Author(s), under exclusive license to Springer Nature Switzerland AG
About this paper
Cite this paper
Silva, S., Sousa, P.R., Resende, J.S., Antunes, L. (2022). Threat Detection and Mitigation with Honeypots: A Modular Approach for IoT. In: Katsikas, S., Furnell, S. (eds) Trust, Privacy and Security in Digital Business. TrustBus 2022. Lecture Notes in Computer Science, vol 13582. Springer, Cham. https://doi.org/10.1007/978-3-031-17926-6_5
Download citation
DOI: https://doi.org/10.1007/978-3-031-17926-6_5
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-031-17925-9
Online ISBN: 978-3-031-17926-6
eBook Packages: Computer ScienceComputer Science (R0)