2016
DOI: 10.2197/ipsjjip.24.522

IoTPOT: A Novel Honeypot for Revealing Current IoT Threats

Abstract: We analyze the increasing threats against IoT devices. We show that Telnet-based attacks that target IoT devices have rocketed since 2014. Based on this observation, we propose an IoT honeypot and sandbox, which attracts and analyzes Telnet-based attacks against various IoT devices running on different CPU architectures such as ARM, MIPS, and PPC. By analyzing the observation results of our honeypot and captured malware samples, we show that there are currently at least 5 distinct DDoS malware families targeti…

Cited by 173 publications
(89 citation statements)
References 3 publications
“…Honeypots are one of the detection sources surveyed in this study. Honeypots have commonly been used for collecting, understanding, characterizing, and tracking botnets [6]. However, they are not necessarily useful for detecting compromised endpoints or the attacks emanating from them.…”
Section: Related Work (mentioning)
confidence: 99%
“…To launch an attack, the botnet infects Linux-based IoT devices by brute forcing default credentials of devices with open Telnet ports. In our research, the IoT devices were infected using the binaries from the IoTPOT dataset [6] (namely Gafgyt). In order to adjust the attacks to our lab, the IP address of the C&C server was extracted from the malware's binary, and all of the network traffic to this IP was routed to a server in our lab that functions as a C&C server.…”
Section: Empirical Evaluation (mentioning)
confidence: 99%
“…A multi architecture support IoT honeypot (IoTPOT) that detects at least 4 distributed denial of service malware families targeting Telnet based IoT [135]. IoTPOT is the first IOTPOT to publish its malware collected data.…”
Section: Tools In Iot Malware Synthesis (mentioning)
confidence: 99%
“…Mirai also realizes similar attack stages (detailed in Sect. V-A3 below) as state-of-the-art IoT malware [3], [28]. This makes Mirai a highly relevant baseline for IoT malware behavior.…”
Section: Methods (mentioning)
confidence: 99%