Assessment of IoT immunity against attacks using IoT honeypots

Abstract

Internet of Things (IoT), a collection of networked devices that autonomously communicate, share information, and manage their decisions. Unfortunately, these devices are equipped with attractive features that make them perfect targets to attackers, yet, lack even fundamental security. The stormy upsurge in the quantity of these devices engender massive excitement to the community, but, exposes the network to malicious attackers who perceive them as low-hanging fruits. Obviously, there is anxiety over the guarantee of IoT immunity and safety. At the moment, there is no synchronization, as it concerns how to implement the security of these devices. The research tries to learn the weaknesses of IoT devices, focusing on the attacks via the most common IoT application layer protocols by means of existing IoT honeypots, investigating the most targeted IoT devices application protocols/ports and then benchmark the honeypots. Honeypots are fantastic research tools, used to protect, study, detect or waste the potential attacker's time and resources. Attack events were detected, logged, scrutinized using attack events visualizations tools. It was established that there are lots of IoT honeypots available, that are characterized based on intent and level of interaction with the attackers. Application layer attacks recorded are those over the Telnet (port 23), SSH (22) and HTTP (80 and 8080). Attacks on MQTT (port 1883/8883), UPnP (1900) CoAP (5683) could not be recorded, obviously due to restrictions and security majors on the public network used for the research. Dionaea and Cowrie proved more effective of the honeypots deployed. These results might not be the most accurate as the network used does not allow port forwarding. Location of deployment provides a momentous part in using honeypots for research activities.