HoneyIoT: Adaptive High-Interaction Honeypot for IoT Devices Through
Reinforcement Learning
- URL: http://arxiv.org/abs/2305.06430v1
- Date: Wed, 10 May 2023 19:43:20 GMT
- Authors: Chongqi Guan, Heting Liu, Guohong Cao, Sencun Zhu, Thomas La Porta
- Abstract summary: We develop an adaptive high-interaction honeypot for IoT devices, called HoneyIoT.
We first build a real device based attack trace collection system to learn how attackers interact with IoT devices.
We then model the attack behavior through a Markov decision process and leverage reinforcement learning techniques to learn the best responses to engage attackers.
- Score: 10.186372780116631
- License: http://arxiv.org/licenses/nonexclusive-distrib/1.0/
- Abstract: As IoT devices are becoming widely deployed, there exist many threats to
IoT-based systems due to their inherent vulnerabilities. One effective approach
to improving IoT security is to deploy IoT honeypot systems, which can collect
attack information and reveal the methods and strategies used by attackers.
However, building high-interaction IoT honeypots is challenging due to the
heterogeneity of IoT devices. Vulnerabilities in IoT devices typically depend
on specific device types or firmware versions, which encourages attackers to
perform pre-attack checks to gather device information before launching
attacks. Moreover, conventional honeypots are easily detected because their
replying logic differs from that of the IoT devices they try to mimic. To
address these problems, we develop an adaptive high-interaction honeypot for
IoT devices, called HoneyIoT. We first build a real device based attack trace
collection system to learn how attackers interact with IoT devices. We then
model the attack behavior through a Markov decision process and leverage
reinforcement learning techniques to learn the best responses to engage
attackers based on the attack trace. We also use differential analysis
techniques to mutate response values in some fields to generate high-fidelity
responses. HoneyIoT has been deployed on the public Internet. Experimental
results show that HoneyIoT can effectively bypass the pre-attack checks and
mislead the attackers into uploading malware. Furthermore, HoneyIoT is covert
against widely used reconnaissance and honeypot detection tools.
Related papers
- IoT-LM: Large Multisensory Language Models for the Internet of Things [70.74131118309967]
IoT ecosystem provides rich source of real-world modalities such as motion, thermal, geolocation, imaging, depth, sensors, and audio.
Machine learning presents a rich opportunity to automatically process IoT data at scale.
We introduce IoT-LM, an open-source large multisensory language model tailored for the IoT ecosystem.
arXiv Detail & Related papers (2024-07-13T08:20:37Z)
- Effective Intrusion Detection in Heterogeneous Internet-of-Things Networks via Ensemble Knowledge Distillation-based Federated Learning [52.6706505729803]
We introduce Federated Learning (FL) to collaboratively train a decentralized shared model of Intrusion Detection Systems (IDS).
FLEKD enables a more flexible aggregation method than conventional model fusion techniques.
Experiment results show that the proposed approach outperforms local training and traditional FL in terms of both speed and performance.
arXiv Detail & Related papers (2024-01-22T14:16:37Z)
- IoTWarden: A Deep Reinforcement Learning Based Real-time Defense System to Mitigate Trigger-action IoT Attacks [3.1449061818799615]
We build a reinforcement learning based real-time defense system for injection attacks.
Our experiments show that the proposed mechanism can effectively and accurately identify and defend against injection attacks with reasonable overhead.
arXiv Detail & Related papers (2024-01-16T06:25:56Z)
- Classification of cyber attacks on IoT and ubiquitous computing devices [49.1574468325115]
This paper provides a classification of IoT malware.
Major targets and used exploits for attacks are identified and referred to the specific malware.
The majority of current IoT attacks continue to be of comparably low effort and level of sophistication and could be mitigated by existing technical measures.
arXiv Detail & Related papers (2023-12-01T16:10:43Z)
- IoTFlowGenerator: Crafting Synthetic IoT Device Traffic Flows for Cyber Deception [31.822346303953164]
Honeypots are an important security tool to understand attacker intent and deceive attackers to spend time and resources.
To build better honeypots and enhance cyber deception capabilities, IoT honeypots need to generate realistic network traffic flows.
We propose a novel deep learning based approach for generating traffic flows that mimic real network traffic due to user and IoT device interactions.
arXiv Detail & Related papers (2023-05-01T16:24:07Z)
- AIIPot: Adaptive Intelligent-Interaction Honeypot for IoT Devices [3.571367745766466]
Honeypot is a popular deception technique that mimics interaction in real fashion.
We propose a honeypot for IoT devices that uses machine learning techniques to learn and interact with attackers automatically.
arXiv Detail & Related papers (2023-03-22T08:06:41Z)
- IoT Device Identification Based on Network Communication Analysis Using Deep Learning [43.0717346071013]
The risk of attacks on an organization's network has increased due to the growing use of less secure IoT devices.
To tackle this threat and protect their networks, organizations generally implement security policies in which only white listed IoT devices are allowed on the network.
In this research, deep learning is applied to network communication for the automated identification of IoT devices permitted on the network.
arXiv Detail & Related papers (2023-03-02T13:44:58Z)
- The Internet of Senses: Building on Semantic Communications and Edge Intelligence [67.75406096878321]
The Internet of Senses (IoS) holds the promise of flawless telepresence-style communication for all human receptors'
We elaborate on how the emerging semantic communications and Artificial Intelligence (AI)/Machine Learning (ML) paradigms may satisfy the requirements of IoS use cases.
arXiv Detail & Related papers (2022-12-21T03:37:38Z)
- Towards Learning-automation IoT Attack Detection through Reinforcement Learning [14.363292907140364]
Internet of Things (IoT) networks have unique characteristics, which make the attack detection more challenging.
In addition to the traditional high-rate attacks, the low-rate attacks are also extensively used by IoT attackers to obfuscate the legitimate traffic.
We propose a reinforcement learning-based attack detection model that can automatically learn and recognize the transformation of the attack pattern.
arXiv Detail & Related papers (2020-06-29T06:12:45Z)
- IoT Device Identification Using Deep Learning [43.0717346071013]
The growing use of IoT devices in organizations has increased the number of attack vectors available to attackers.
The widely adopted bring your own device (BYOD) policy which allows an employee to bring any IoT device into the workplace and attach it to an organization's network also increases the risk of attacks.
In this study, we applied deep learning on network traffic to automatically identify IoT devices connected to the network.
arXiv Detail & Related papers (2020-02-25T12:24:49Z)
- IoT Behavioral Monitoring via Network Traffic Analysis [0.45687771576879593]
This thesis is the culmination of our efforts to develop techniques to profile the network behavioral pattern of IoTs.
We develop a robust machine learning-based inference engine trained with attributes from traffic patterns.
We demonstrate real-time classification of 28 IoT devices with over 99% accuracy.
arXiv Detail & Related papers (2020-01-28T23:13:12Z)