IoT Honeypot Scanning and Detection System Based on Authorization Mechanism

  • Conference paper
Data Science (ICPCSEE 2021)

Part of the book series: Communications in Computer and Information Science (CCIS, volume 1452)

Abstract

In this paper, an Internet of Things (IoT) honeypot scanning and detection system based on an authorization mechanism is proposed. To account for the functional characteristics of the different devices in an IoT environment, an authorization and authentication system was designed based on the device MAC and a randomly generated key for requesting permissions from devices with asset management and traffic monitoring. Subsequently, an authorized access network model was constructed between the devices and the authorization system; using the authorized authentication algorithm, it lures scanning requests from unauthorized devices into the IoT honeypot. Specifically, an IoT honeypot system was built, and a data collection module, a data preprocessing module, and a scan detection module were installed in it to detect, and output feedback on, the traffic redirected to the honeypot. The experimental results show that the designed system can efficiently identify whether a device in the IoT system is authorized and can successfully detect illegal scanning requests from non-authorized devices.

Acknowledgments

This work was supported by a project of the State Grid Shandong Electric Power Company (No. 520627200001).

Author information

Corresponding author

Correspondence to Ziyan Liu.

Copyright information

© 2021 Springer Nature Singapore Pte Ltd.

About this paper

Cite this paper

Li, N., Cui, B., Liu, Z., Ni, J., Zhang, C., Kong, H. (2021). IoT Honeypot Scanning and Detection System Based on Authorization Mechanism. In: Zeng, J., Qin, P., Jing, W., Song, X., Lu, Z. (eds) Data Science. ICPCSEE 2021. Communications in Computer and Information Science, vol 1452. Springer, Singapore. https://doi.org/10.1007/978-981-16-5943-0_18

  • DOI: https://doi.org/10.1007/978-981-16-5943-0_18

  • Publisher Name: Springer, Singapore

  • Print ISBN: 978-981-16-5942-3

  • Online ISBN: 978-981-16-5943-0

  • eBook Packages: Computer Science, Computer Science (R0)
