HoneyIoT: Adaptive High-Interaction Honeypot for IoT Devices Through Reinforcement Learning

Chongqi Guan, Heting Liu, Guohong Cao, Sencun Zhu, Thomas La Porta

Research output: Chapter in Book/Report/Conference proceedingConference contribution

1 Scopus citations

Abstract

As IoT devices are becoming widely deployed, there exist many threats to IoT-based systems due to their inherent vulnerabilities. One effective approach to improving IoT security is to deploy IoT honeypot systems, which can collect attack information and reveal the methods and strategies used by attackers. However, building high-interaction IoT honeypots is challenging due to the heterogeneity of IoT devices. Vulnerabilities in IoT devices typically depend on specific device types or firmware versions, which encourages attackers to perform pre-attack checks to gather device information before launching attacks. Moreover, conventional honeypots are easily detected because their replying logic differs from that of the IoT devices they try to mimic.To address these problems, we develop an adaptive high-interaction honeypot for IoT devices, called em HoneyIoT. We first build a real device based attack trace collection system to learn how attackers interact with IoT devices. We then model the attack behavior through markov decision process and leverage reinforcement learning techniques to learn the best responses to engage attackers based on the attack trace. We also use differential analysis techniques to mutate response values in some fields to generate high-fidelity responses.HoneyIoT has been deployed on the public Internet. Experimental results show that HoneyIoT can effectively bypass the pre-attack checks and mislead the attackers into uploading malware. Furthermore, HoneyIoT is covert against widely used reconnaissance and honeypot detection tools.

Original languageEnglish (US)
Title of host publicationWiSec 2023 - Proceedings of the 16th ACM Conference on Security and Privacy in Wireless and Mobile Networks
PublisherAssociation for Computing Machinery, Inc
Pages49-59
Number of pages11
ISBN (Electronic)9781450398596
DOIs
StatePublished - May 29 2023
Event16th ACM Conference on Security and Privacy in Wireless and Mobile Networks, WiSec 2023 - Guildford, United Kingdom
Duration: May 29 2023Jun 1 2023

Publication series

NameWiSec 2023 - Proceedings of the 16th ACM Conference on Security and Privacy in Wireless and Mobile Networks

Conference

Conference16th ACM Conference on Security and Privacy in Wireless and Mobile Networks, WiSec 2023
Country/TerritoryUnited Kingdom
CityGuildford
Period5/29/236/1/23

All Science Journal Classification (ASJC) codes

  • Computer Science Applications
  • Information Systems
  • Software
  • Safety Research
  • Computer Networks and Communications

Cite this