The growing number of Internet of Things (IoT) devices makes it imperative to be aware of the real-world threats they face in terms of cybersecurity. While honeypots have historically been used as decoy devices to help researchers and organizations gain a better understanding of the dynamics of threats on a network and their impact, IoT devices pose a unique challenge for this purpose due to the variety of devices and their physical connections. In this work, by observing real-world attackers' behavior in a low-interaction honeypot ecosystem, we (1) presented a new approach to creating a multi-phased, multi-faceted honeypot ecosystem, which gradually increases the sophistication of honeypots' interactions with adversaries, (2) designed and developed a low-interaction honeypot for cameras that allowed researchers to gain a deeper understanding of what attackers are targeting, and (3) devised an innovative data analytics method to identify the goals of adversaries. Our honeypots have been active for over three years. We were able to collect increasingly sophisticated attack data in each phase. Furthermore, our data analytics points to the fact that the vast majority of attack activities captured in the honeypots share significant similarity, and can be clustered and grouped to better understand the goals, patterns, and trends of IoT attacks in the wild.