Using honeypots to model botnet attacks on the internet of medical things

Huanran Wang, Hui He, Weizhe Zhang, Wenmao Liu, Peng Liu, Amir Javadpour

Research output: Contribution to journalArticlepeer-review

8 Scopus citations


Corona Virus Disease 2019 (COVID-19) has led to an increase in attacks targeting widespread smart devices. A vulnerable device can join multiple botnets simultaneously or sequentially. When different attack patterns are mixed with attack records, the security analyst produces an inaccurate report. There are numerous studies on botnet detection, but there is no publicly available solution to classify attack patterns based on the control periods. To fill this gap, we propose a novel data-driven method based on an intuitive hypothesis: bots tend to show time-related attack patterns within the same botnet control period. We deploy 462 honeypots in 22 countries to capture real-world attack activities and propose an algorithm to identify control periods. Experiments have demonstrated our method's efficacy. Besides, we present eight interesting findings that will help the security community better understand and fight botnet attacks now and in the future.

Original languageEnglish (US)
Article number108212
JournalComputers and Electrical Engineering
StatePublished - Sep 2022

All Science Journal Classification (ASJC) codes

  • Control and Systems Engineering
  • General Computer Science
  • Electrical and Electronic Engineering


Dive into the research topics of 'Using honeypots to model botnet attacks on the internet of medical things'. Together they form a unique fingerprint.

Cite this