Automated Device Independent Honeypot Generation of IoT and Industrial IoT Devices
The project goal is the development of a generic honeypot framework that automatically generates tailored honeypots for the (Industrial) Internet of Things. By combining real-world device information with virtualization technology, the honeypots attract attacks against a wide variety of hardware and software architectures and, beyond that, convince an adversary that she has actually breached a real device instead of a decoy.
The interconnection of physical devices, vehicles, household appliances and other objects with electronics, software, sensors and actuators has become an integral part of our modern lives. The industrial sector is also undergoing a change in device communication. Traditionally, automated factories and critical infrastructure were strictly separated from the Internet. However, since the advent of Industry 4.0, devices at the control level as well as the supervisor level are frequently connected to the Internet to collect analytic data. The resulting networks are called the “Internet of Things” (IoT) and the “Industrial Internet of Things” (IIoT).
Attackers seek to compromise such interconnected devices with malware campaigns. For this reason, interconnected devices are exposed to continuous threats and ongoing attacks. The large set of diverse hardware and software, combined with the neglect of security best practices, the often non-existent update policies, and the lack of software hardening techniques, renders IoT and IIoT devices an ideal target for attackers. The heterogeneous landscape of IoT and IIoT devices poses new challenges to the deployment of honeypots that still need to be solved. So far, no generic honeypot framework exists that is capable of attracting attacks against the wide variety of hardware and software architectures.
Our goal is to provide a framework that automatically creates honeypots tailored to the target device for the (Industrial) Internet of Things, which are capable of convincing an adversary that she has actually breached a real device instead of a decoy. Our honeypots will be executed in an emulation environment that is able to interact with the outside world over common IoT and IIoT communication channels and allows us to apply fine-grained supervision techniques to monitor an adversary’s behavior throughout her entire attack.
- The project is led by SBA.
This project is funded by the FFG.