Abstract

Internet of Things (IoT) devices are easy targets for attackers. Preventing and counter-fighting this threat impose to capture and analyze attackers’ behaviors. Several IoT-oriented honeypots have been proposed recently while, in parallel, emulation techniques for IoT devices have been improved to allow firmware analysis of this type of devices.In this paper, our objective is to consolidate these two facets in a single framework called HiFiPot. It is capable of creating a high-interaction honeypot on-the-fly with a high fidelity, i.e. from a firmware image. Our technique improves the most recent stateof-the-art solution to emulate an IoT device without scarifying the furtiveness. It is based on an iterative learning procedure to automatically correct emulation errors and to ensure Internet connectivity while maintaining these corrections invisible to the attackers. Out of the 1,000 firmware images tested, 443 (44,3%) can be deployed as honeypot. More than 500 instances of HiFiPot were deployed in the wild, and received about 1,900 HTTP traversal attacks, and downloaded 31 distinct malware binaries (out of 909) among which eight were unknown.

Talk to us

Join us for a 30 min session where you can share your feedback and ask us any queries you have

Schedule a call

Disclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.