Threat Detection and Mitigation with Honeypots: A Modular Approach for IoT

Simão Silva; Patrícia R. Sousa; João S. Resende; Luís Antunes

doi:10.1007/978-3-031-17926-6_5

Threat Detection and Mitigation with Honeypots: A Modular Approach for IoT

Simão Silva, Patrícia R. Sousa, João S. Resende, Luís Antunes

NOVALincs

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

1 Citation (Scopus)

Abstract

A honeypot is a controlled and secure environment to examine different threats and understand attack patterns. Due to the highly dynamic environments, the growing adoption and use of Internet of Things (IoT) devices make configuring honeypots complex. One of the current literature challenges is the need for a honeypot not to be detected by attackers, namely due to the delays that are required to make requests to external and remote servers. This work focuses on deploying honeypots virtually on IOT devices. With this technology, we can use endpoints to send specific honeypots on recent known vulnerabilities on IOT devices to find and notify attacks within the network, as much of this information is verified and made freely available by government entities. Unlike other approaches, the idea is not to have a fixed honeypot but a set of devices that can be used at any time as a honeypot (adapted to the latest threat) to test the network for a possible problem and then report to Threat Sharing Platform (TSP).

Original language	English
Title of host publication	Trust, Privacy and Security in Digital Business
Subtitle of host publication	19th International Conference, TrustBus 2022, Vienna, Austria, August 24, 2022, Proceedings
Editors	Sokratis Katsikas, Steven Furnell
Place of Publication	Cham
Publisher	Springer
Pages	66-80
Number of pages	15
ISBN (Electronic)	978-3-031-17926-6
ISBN (Print)	978-3-031-17925-9
DOIs	https://doi.org/10.1007/978-3-031-17926-6_5
Publication status	Published - 6 Oct 2022
Event	19th International Conference on Trust, Privacy and Security in Digital Business, TrustBus 2022 - Vienna, Austria Duration: 24 Aug 2022 → 24 Aug 2022

Publication series

Name	Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Publisher	Springer
Volume	13582 LNCS
ISSN (Print)	0302-9743
ISSN (Electronic)	1611-3349

Conference

Conference	19th International Conference on Trust, Privacy and Security in Digital Business, TrustBus 2022
Country/Territory	Austria
City	Vienna
Period	24/08/22 → 24/08/22

Keywords

CVE
Honeypot
Internet of Things
Intrusion detection
Security
Vulnerability

Access to Document

10.1007/978-3-031-17926-6_5

Cite this

Silva, S., Sousa, P. R., Resende, J. S., & Antunes, L. (2022). Threat Detection and Mitigation with Honeypots: A Modular Approach for IoT. In S. Katsikas, & S. Furnell (Eds.), Trust, Privacy and Security in Digital Business: 19th International Conference, TrustBus 2022, Vienna, Austria, August 24, 2022, Proceedings (pp. 66-80). (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 13582 LNCS). Springer. https://doi.org/10.1007/978-3-031-17926-6_5

Silva, Simão ; Sousa, Patrícia R. ; Resende, João S. et al. / Threat Detection and Mitigation with Honeypots : A Modular Approach for IoT. Trust, Privacy and Security in Digital Business: 19th International Conference, TrustBus 2022, Vienna, Austria, August 24, 2022, Proceedings. editor / Sokratis Katsikas ; Steven Furnell. Cham : Springer, 2022. pp. 66-80 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)).

@inproceedings{556e9c7d35cc43a88b9073723b9c04dc,

title = "Threat Detection and Mitigation with Honeypots: A Modular Approach for IoT",

abstract = "A honeypot is a controlled and secure environment to examine different threats and understand attack patterns. Due to the highly dynamic environments, the growing adoption and use of Internet of Things (IoT) devices make configuring honeypots complex. One of the current literature challenges is the need for a honeypot not to be detected by attackers, namely due to the delays that are required to make requests to external and remote servers. This work focuses on deploying honeypots virtually on IOT devices. With this technology, we can use endpoints to send specific honeypots on recent known vulnerabilities on IOT devices to find and notify attacks within the network, as much of this information is verified and made freely available by government entities. Unlike other approaches, the idea is not to have a fixed honeypot but a set of devices that can be used at any time as a honeypot (adapted to the latest threat) to test the network for a possible problem and then report to Threat Sharing Platform (TSP).",

keywords = "CVE, Honeypot, Internet of Things, Intrusion detection, Security, Vulnerability",

author = "Sim{\~a}o Silva and Sousa, \{Patr{\'i}cia R.\} and Resende, \{Jo{\~a}o S.\} and Lu{\'i}s Antunes",

note = "info:eu-repo/grantAgreement/FCT/6817 - DCRRNI ID/LA\%2FP\%2F0063\%2F2020/PT\# info:eu-repo/grantAgreement/EC/H2020/830929/EU\# Funding Information: The work of Sim{\~a}o Silva was partially funded by the SafeCities POCI-01-0247-FEDER-041435 project through COMPETE 2020 program. The work of Patr{\'i}cia R. Sousa was partially supported by the Project “City Catalyst-Catalisador para cidades sustent{\'a}veis”, with reference POCI-01-0247-FEDER-046119, financed by Fundo Europeu de Desenvolvimento Regional (FEDER), through COMPETE 2020 and Portugal 2020 programs. National Funds also partially supported this work through the Ag{\^e}ncia para a Mod-erniza{\c c}{\~a}o Administrativa, program POCI-Programa Operacional Competitividade e Internacionaliza{\c c}{\~a}o, within project POCI-05-5762-FSE-000229.1. Publisher Copyright: {\textcopyright} 2022, The Author(s), under exclusive license to Springer Nature Switzerland AG.; 19th International Conference on Trust, Privacy and Security in Digital Business, TrustBus 2022 ; Conference date: 24-08-2022 Through 24-08-2022",

year = "2022",

month = oct,

day = "6",

doi = "10.1007/978-3-031-17926-6\_5",

language = "English",

isbn = "978-3-031-17925-9",

series = "Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)",

publisher = "Springer",

pages = "66--80",

editor = "Sokratis Katsikas and Steven Furnell",

booktitle = "Trust, Privacy and Security in Digital Business",

address = "Netherlands",

}

Silva, S, Sousa, PR, Resende, JS & Antunes, L 2022, Threat Detection and Mitigation with Honeypots: A Modular Approach for IoT. in S Katsikas & S Furnell (eds), Trust, Privacy and Security in Digital Business: 19th International Conference, TrustBus 2022, Vienna, Austria, August 24, 2022, Proceedings. Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), vol. 13582 LNCS, Springer, Cham, pp. 66-80, 19th International Conference on Trust, Privacy and Security in Digital Business, TrustBus 2022, Vienna, Austria, 24/08/22. https://doi.org/10.1007/978-3-031-17926-6_5

Threat Detection and Mitigation with Honeypots: A Modular Approach for IoT. / Silva, Simão; Sousa, Patrícia R.; Resende, João S. et al.
Trust, Privacy and Security in Digital Business: 19th International Conference, TrustBus 2022, Vienna, Austria, August 24, 2022, Proceedings. ed. / Sokratis Katsikas; Steven Furnell. Cham: Springer, 2022. p. 66-80 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 13582 LNCS).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

TY - GEN

T1 - Threat Detection and Mitigation with Honeypots

T2 - 19th International Conference on Trust, Privacy and Security in Digital Business, TrustBus 2022

AU - Silva, Simão

AU - Sousa, Patrícia R.

AU - Resende, João S.

AU - Antunes, Luís

N1 - info:eu-repo/grantAgreement/FCT/6817 - DCRRNI ID/LA%2FP%2F0063%2F2020/PT# info:eu-repo/grantAgreement/EC/H2020/830929/EU# Funding Information: The work of Simão Silva was partially funded by the SafeCities POCI-01-0247-FEDER-041435 project through COMPETE 2020 program. The work of Patrícia R. Sousa was partially supported by the Project “City Catalyst-Catalisador para cidades sustentáveis”, with reference POCI-01-0247-FEDER-046119, financed by Fundo Europeu de Desenvolvimento Regional (FEDER), through COMPETE 2020 and Portugal 2020 programs. National Funds also partially supported this work through the Agência para a Mod-ernização Administrativa, program POCI-Programa Operacional Competitividade e Internacionalização, within project POCI-05-5762-FSE-000229.1. Publisher Copyright: © 2022, The Author(s), under exclusive license to Springer Nature Switzerland AG.

PY - 2022/10/6

Y1 - 2022/10/6

N2 - A honeypot is a controlled and secure environment to examine different threats and understand attack patterns. Due to the highly dynamic environments, the growing adoption and use of Internet of Things (IoT) devices make configuring honeypots complex. One of the current literature challenges is the need for a honeypot not to be detected by attackers, namely due to the delays that are required to make requests to external and remote servers. This work focuses on deploying honeypots virtually on IOT devices. With this technology, we can use endpoints to send specific honeypots on recent known vulnerabilities on IOT devices to find and notify attacks within the network, as much of this information is verified and made freely available by government entities. Unlike other approaches, the idea is not to have a fixed honeypot but a set of devices that can be used at any time as a honeypot (adapted to the latest threat) to test the network for a possible problem and then report to Threat Sharing Platform (TSP).

AB - A honeypot is a controlled and secure environment to examine different threats and understand attack patterns. Due to the highly dynamic environments, the growing adoption and use of Internet of Things (IoT) devices make configuring honeypots complex. One of the current literature challenges is the need for a honeypot not to be detected by attackers, namely due to the delays that are required to make requests to external and remote servers. This work focuses on deploying honeypots virtually on IOT devices. With this technology, we can use endpoints to send specific honeypots on recent known vulnerabilities on IOT devices to find and notify attacks within the network, as much of this information is verified and made freely available by government entities. Unlike other approaches, the idea is not to have a fixed honeypot but a set of devices that can be used at any time as a honeypot (adapted to the latest threat) to test the network for a possible problem and then report to Threat Sharing Platform (TSP).

KW - CVE

KW - Honeypot

KW - Internet of Things

KW - Intrusion detection

KW - Security

KW - Vulnerability

UR - https://www.scopus.com/pages/publications/85141761913

U2 - 10.1007/978-3-031-17926-6_5

DO - 10.1007/978-3-031-17926-6_5

M3 - Conference contribution

AN - SCOPUS:85141761913

SN - 978-3-031-17925-9

T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

SP - 66

EP - 80

BT - Trust, Privacy and Security in Digital Business

A2 - Katsikas, Sokratis

A2 - Furnell, Steven

PB - Springer

CY - Cham

Y2 - 24 August 2022 through 24 August 2022

ER -

Silva S, Sousa PR, Resende JS, Antunes L. Threat Detection and Mitigation with Honeypots: A Modular Approach for IoT. In Katsikas S, Furnell S, editors, Trust, Privacy and Security in Digital Business: 19th International Conference, TrustBus 2022, Vienna, Austria, August 24, 2022, Proceedings. Cham: Springer. 2022. p. 66-80. (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)). doi: 10.1007/978-3-031-17926-6_5