What are Attackers after on IoT Devices? An approach based on a
multi-phased multi-faceted IoT honeypot ecosystem and data clustering
- URL: http://arxiv.org/abs/2112.10974v1
- Date: Tue, 21 Dec 2021 04:11:45 GMT
- Title: What are Attackers after on IoT Devices? An approach based on a
multi-phased multi-faceted IoT honeypot ecosystem and data clustering
- Authors: Armin Ziaie Tabari, Xinming Ou, Anoop Singhal
- Abstract summary: Honeypots have been historically used as decoy devices to help researchers gain a better understanding of the dynamic of threats on a network.
In this work, we presented a new approach to creating a multi-phased, multi-faceted honeypot ecosystem.
We were able to collect increasingly sophisticated attack data in each phase.
- Score: 11.672070081489565
- License: http://arxiv.org/licenses/nonexclusive-distrib/1.0/
- Abstract: The growing number of Internet of Things (IoT) devices makes it imperative to
be aware of the real-world threats they face in terms of cybersecurity. While
honeypots have been historically used as decoy devices to help
researchers/organizations gain a better understanding of the dynamic of threats
on a network and their impact, IoT devices pose a unique challenge for this
purpose due to the variety of devices and their physical connections. In this
work, by observing real-world attackers' behavior in a low-interaction honeypot
ecosystem, we (1) presented a new approach to creating a multi-phased,
multi-faceted honeypot ecosystem, which gradually increases the sophistication
of honeypots' interactions with adversaries, (2) designed and developed a
low-interaction honeypot for cameras that allowed researchers to gain a deeper
understanding of what attackers are targeting, and (3) devised an innovative
data analytics method to identify the goals of adversaries. Our honeypots have
been active for over three years. We were able to collect increasingly
sophisticated attack data in each phase. Furthermore, our data analytics points
to the fact that the vast majority of attack activities captured in the
honeypots share significant similarity, and can be clustered and grouped to
better understand the goals, patterns, and trends of IoT attacks in the wild.
Related papers
- Multi-granular Adversarial Attacks against Black-box Neural Ranking Models [111.58315434849047]
We create high-quality adversarial examples by incorporating multi-granular perturbations.
We transform the multi-granular attack into a sequential decision-making process.
Our attack method surpasses prevailing baselines in both attack effectiveness and imperceptibility.
arXiv Detail & Related papers (2024-04-02T02:08:29Z) - Effective Intrusion Detection in Heterogeneous Internet-of-Things Networks via Ensemble Knowledge Distillation-based Federated Learning [52.6706505729803]
We introduce Federated Learning (FL) to collaboratively train a decentralized shared model of Intrusion Detection Systems (IDS)
FLEKD enables a more flexible aggregation method than conventional model fusion techniques.
Experiment results show that the proposed approach outperforms local training and traditional FL in terms of both speed and performance.
arXiv Detail & Related papers (2024-01-22T14:16:37Z) - MultiIoT: Benchmarking Machine Learning for the Internet of Things [70.74131118309967]
The next generation of machine learning systems must be adept at perceiving and interacting with the physical world.
sensory data from motion, thermal, geolocation, depth, wireless signals, video, and audio are increasingly used to model the states of physical environments.
Existing efforts are often specialized to a single sensory modality or prediction task.
This paper proposes MultiIoT, the most expansive and unified IoT benchmark to date, encompassing over 1.15 million samples from 12 modalities and 8 real-world tasks.
arXiv Detail & Related papers (2023-11-10T18:13:08Z) - Investigating Human-Identifiable Features Hidden in Adversarial
Perturbations [54.39726653562144]
Our study explores up to five attack algorithms across three datasets.
We identify human-identifiable features in adversarial perturbations.
Using pixel-level annotations, we extract such features and demonstrate their ability to compromise target models.
arXiv Detail & Related papers (2023-09-28T22:31:29Z) - HoneyIoT: Adaptive High-Interaction Honeypot for IoT Devices Through
Reinforcement Learning [10.186372780116631]
We develop an adaptive high-interaction honeypot for IoT devices, called HoneyIoT.
We first build a real device based attack trace collection system to learn how attackers interact with IoT devices.
We then model the attack behavior through markov decision process and leverage reinforcement learning techniques to learn the best responses to engage attackers.
arXiv Detail & Related papers (2023-05-10T19:43:20Z) - IoTFlowGenerator: Crafting Synthetic IoT Device Traffic Flows for Cyber
Deception [31.822346303953164]
Honeypots are an important security tool to understand attacker intent and deceive attackers to spend time and resources.
To build better honeypots and enhance cyber deception capabilities, IoT honeypots need to generate realistic network traffic flows.
We propose a novel deep learning based approach for generating traffic flows that mimic real network traffic due to user and IoT device interactions.
arXiv Detail & Related papers (2023-05-01T16:24:07Z) - AIIPot: Adaptive Intelligent-Interaction Honeypot for IoT Devices [3.571367745766466]
Honeypot is a popular deception technique that mimics interaction in real fashion.
We propose a honeypot for IoT devices that uses machine learning techniques to learn and interact with attackers automatically.
arXiv Detail & Related papers (2023-03-22T08:06:41Z) - Measuring and Clustering Network Attackers using Medium-Interaction
Honeypots [5.524750830120598]
Honeypots are often used by information security teams to measure the threat landscape in order to secure their networks.
In this work, we deploy such honeypots on five different protocols on the public Internet and study the intent and sophistication of the attacks we observe.
We then use the information gained to develop a clustering approach that identifies correlations in attacker behavior to discover IPs that are highly likely to be controlled by a single operator.
arXiv Detail & Related papers (2022-06-27T20:19:39Z) - The Feasibility and Inevitability of Stealth Attacks [63.14766152741211]
We study new adversarial perturbations that enable an attacker to gain control over decisions in generic Artificial Intelligence systems.
In contrast to adversarial data modification, the attack mechanism we consider here involves alterations to the AI system itself.
arXiv Detail & Related papers (2021-06-26T10:50:07Z) - Measurement-driven Security Analysis of Imperceptible Impersonation
Attacks [54.727945432381716]
We study the exploitability of Deep Neural Network-based Face Recognition systems.
We show that factors such as skin color, gender, and age, impact the ability to carry out an attack on a specific target victim.
We also study the feasibility of constructing universal attacks that are robust to different poses or views of the attacker's face.
arXiv Detail & Related papers (2020-08-26T19:27:27Z) - Towards Learning-automation IoT Attack Detection through Reinforcement
Learning [14.363292907140364]
Internet of Things (IoT) networks have unique characteristics, which make the attack detection more challenging.
In addition to the traditional high-rate attacks, the low-rate attacks are also extensively used by IoT attackers to obfuscate the legitimate traffic.
We propose a reinforcement learning-based attack detection model that can automatically learn and recognize the transformation of the attack pattern.
arXiv Detail & Related papers (2020-06-29T06:12:45Z)
This list is automatically generated from the titles and abstracts of the papers in this site.
This site does not guarantee the quality of this site (including all information) and is not responsible for any consequences.