Detection of Threats to IoT Devices using Scalable VPN-forwarded Honeypots

Tambe, Amit; Aung, Yan Lin; Sridharan, Ragav; Ochoa, Martín; Tippenhauer, Nils Ole; Shabtai, Asaf; Elovici, Yuval

doi:10.1145/3292006.3300024

Cited by 36 publications

(15 citation statements)

References 16 publications

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…Others were related to wireless sensor networks (WSNs) [22][23][24], cloud computing [25], cyber-physical systems [26], and wide area networks (WANs) [27][28][29]. The recent spread of IoT devices has introduced new threats such as botnet attacks [30]. Such attacks appear to compromise the victim devices, and the attacks can be coordinated.…”

Section: Introductionmentioning

confidence: 99%

IoT Botnet Attack Detection Based on Optimized Extreme Gradient Boosting and Feature Selection

Alqahtani

Mathkour

Ismail

2020

Sensors

View full text Add to dashboard Cite

Nowadays, Internet of Things (IoT) technology has various network applications and has attracted the interest of many research and industrial communities. Particularly, the number of vulnerable or unprotected IoT devices has drastically increased, along with the amount of suspicious activity, such as IoT botnet and large-scale cyber-attacks. In order to address this security issue, researchers have deployed machine and deep learning methods to detect attacks targeting compromised IoT devices. Despite these efforts, developing an efficient and effective attack detection approach for resource-constrained IoT devices remains a challenging task for the security research community. In this paper, we propose an efficient and effective IoT botnet attack detection approach. The proposed approach relies on a Fisher-score-based feature selection method along with a genetic-based extreme gradient boosting (GXGBoost) model in order to determine the most relevant features and to detect IoT botnet attacks. The Fisher score is a representative filter-based feature selection method used to determine significant features and discard irrelevant features through the minimization of intra-class distance and the maximization of inter-class distance. On the other hand, GXGBoost is an optimal and effective model, used to classify the IoT botnet attacks. Several experiments were conducted on a public botnet dataset of IoT devices. The evaluation results obtained using holdout and 10-fold cross-validation techniques showed that the proposed approach had a high detection rate using only three out of the 115 data traffic features and improved the overall performance of the IoT botnet attack detection process.

show abstract

Section: Introductionmentioning

confidence: 99%

IoT Botnet Attack Detection Based on Optimized Extreme Gradient Boosting and Feature Selection

Alqahtani

Mathkour

Ismail

2020

Sensors

View full text Add to dashboard Cite

show abstract

“…Therefore, we believe future research should focus on providing an external continuous protection that can be easily updated with information on newly discovered attacks. One way to collect intelligence on emerging threats to surveillance systems is to use an advanced honeypot system [29]. Moreover, by identifying emerging exploits, administrators can protect their systems before they get infected.…”

Section: Discussionmentioning

confidence: 99%

The Security of IP-based Video Surveillance Systems

Kalbo¹,

Mirsky²,

Shabtai³

et al. 2019

Preprint

Self Cite

View full text Add to dashboard Cite

show abstract

“…Tambe et al [86] proposed a scalable high interaction honeypot to attract and detect large scale botnet attacks. In order to solve the scalability problem of high interaction honeypots using real devices, Tambe et al used VPN tunnels which allowed a small number of real IoT devices to appear as multiple IoT devices with different IP addresses around the world.…”

Section: Telnet Ssh Http and Cwmp Attacksmentioning

confidence: 99%

A Survey of Honeypots and Honeynets for Internet of Things, Industrial Internet of Things, and Cyber-Physical Systems

Franco¹,

Arış²,

Canberk³

et al. 2021

Preprint

View full text Add to dashboard Cite

The Internet of Things (IoT), the Industrial Internet of Things (IIoT), and Cyber-Physical Systems (CPS) have become essential for our daily lives in contexts such as our homes, buildings, cities, health, transportation, manufacturing, infrastructure, and agriculture. However, they have become popular targets of attacks, due to their inherent limitations which create vulnerabilities. Honeypots and honeynets can prove essential to understand and defend against attacks on IoT, IIoT, and CPS environments by attracting attackers and deceiving them into thinking that they have gained access to the real systems. Honeypots and honeynets can complement other security solutions (i.e., firewalls, Intrusion Detection Systems -IDS) to form a strong defense against malicious entities. This paper provides a comprehensive survey of the research that has been carried out on honeypots and honeynets for IoT, IIoT, and CPS. It provides a taxonomy and extensive analysis of the existing honeypots and honeynets, states key design factors for the state-of-the-art honeypot/honeynet research and outlines open issues for future honeypots and honeynets for IoT, IIoT, and CPS environments.

show abstract

Detection of Threats to IoT Devices using Scalable VPN-forwarded Honeypots

Cited by 36 publications

References 16 publications

IoT Botnet Attack Detection Based on Optimized Extreme Gradient Boosting and Feature Selection

IoT Botnet Attack Detection Based on Optimized Extreme Gradient Boosting and Feature Selection

The Security of IP-based Video Surveillance Systems

A Survey of Honeypots and Honeynets for Internet of Things, Industrial Internet of Things, and Cyber-Physical Systems

Contact Info

Product

Resources

About