IoT HoneyBot - Haris Šemić and Saša Mrdović - PowerPoint PPT Presentation



SLIDE 1

IoT HoneyBot

Haris Šemić and Saša Mrdović

Cryptacus: Workshop and MC meeting Nijmegen, Netherlands, 2017

SLIDE 2

Honeypots

• Emulation of a network resource
• Built to be discovered, attacked and compromised
• Data collection with goal to:
  • Prevent/detect future attacks
  • Implement new or adapt existing security controls

SLIDE 3

Internet of Things

• Billions of special-purpose devices connected to the Internet
• Automation of all aspects of modern life
• Remote control of IoT devices using distant network nodes
• 30+ billion IoT devices expected by year 2020

SLIDE 4

IoT botnets

• Client-server botnets
  • E.g. Mirai, IoT Reaper
  • Notable attacks: Krebs on Security 620 Gbps DDoS attack in 2016, Dyn DDoS attack
• Peer-to-peer botnets
  • E.g. Hajime
  • At the moment not malicious

SLIDE 5

Current system

SLIDE 6

Front-end

• Manual component
  • Handles manual attacks
  • Requires complementary configuration file
  • Emulates the look and feel of a real IoT device
• Mirai component
  • Handles Mirai attacks
  • Emulates specific responses which are expected by Mirai

SLIDE 7

Back-end

SLIDE 8

Can multi-component design be applied for large-scale malware observation and research?

SLIDE 9

The Idea

• Mass-deployment of IoT honeypots
• Malware research
• Anti-botnet
• Propagation observation
• Employment of machine learning to handle new types of attacks
• Encrypted communication

SLIDE 10

SLIDE 11

Single honeybot node

• Implemented using Node.js
• Interacts with malicious traffic and supports:
  • Telnet protocol
  • SSH protocol
  • HTTP, HTTPS
• Interaction with central server includes:
  • Receiving configuration
  • Login attempt validation
  • Delivering and receiving encrypted data

SLIDE 12

Central server

• Stores and reports captured data:
  • One file for each unique IP address
  • Each file contains a history of attacks from any specific source
• Contains:
  • Username-password combinations
  • Database of known attacks
  • Emulation configurations
• Implements machine learning to handle new types of attacks
• Threaded implementation
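
The central server's storage scheme from this slide (one file per unique source IP, each holding that source's attack history), as an added Node.js example that is not the authors' code. The JSON-lines layout, field names, function names and sample events are assumptions; the point shown is that the file name is derived from a network-supplied value and must be validated first.

```javascript
// Added example, not the authors' code. Layout and field names are assumptions.
const fs = require('node:fs');
const net = require('node:net');
const os = require('node:os');
const path = require('node:path');

// Derive the history file name from the reported source address. The value
// arrives from the network, so accept only a literal IP made of hex digits,
// ':' and '.'; this also rejects IPv6 zone ids and anything path-like.
function historyFileFor(dir, ip) {
  if (net.isIP(ip) === 0 || !/^[0-9a-f:.]+$/i.test(ip)) {
    throw new Error('not an IP address: ' + JSON.stringify(ip));
  }
  // An IPv4-mapped IPv6 address (::ffff:a.b.c.d) is the same source as a.b.c.d.
  const mapped = /^::ffff:(\d+\.\d+\.\d+\.\d+)$/i.exec(ip);
  const canonical = mapped ? mapped[1] : ip.toLowerCase();
  // ':' is not portable in file names, so IPv6 colons become '_'.
  return path.join(dir, canonical.replace(/:/g, '_') + '.jsonl');
}

// Append one event as a single JSON line. Attacker-supplied strings are
// JSON-encoded, so an embedded newline cannot forge an extra record.
function recordEvent(dir, ev) {
  const file = historyFileFor(dir, ev.ip);
  const rec = { ts: ev.ts, node: ev.node, proto: ev.proto,
                username: ev.username, password: ev.password };
  fs.appendFileSync(file, JSON.stringify(rec) + '\n', { mode: 0o600 });
  return file;
}

// Return the stored attack history for one source, oldest first.
function historyOf(dir, ip) {
  const file = historyFileFor(dir, ip);
  if (!fs.existsSync(file)) return [];
  return fs.readFileSync(file, 'utf8').split('\n').filter(Boolean)
    .map((line) => JSON.parse(line));
}

// Constructed sample reports from two hypothetical nodes (documentation IPs).
function demo() {
  const dir = fs.mkdtempSync(path.join(os.tmpdir(), 'honeybot-'));
  const base = { ts: '2017-01-01T00:00:00Z', username: 'admin' };
  recordEvent(dir, { ...base, ip: '192.0.2.10', node: 'n1', proto: 'telnet', password: 'admin' });
  recordEvent(dir, { ...base, ip: '::ffff:192.0.2.10', node: 'n2', proto: 'ssh',
                     password: 'x\n{"forged":true}' });
  recordEvent(dir, { ...base, ip: '2001:db8::1', node: 'n1', proto: 'http', password: '1234' });
  return { dir, files: fs.readdirSync(dir).sort() };
}
```

IPv6 addresses are only lowercased here, not fully normalized, so two spellings of the same address would still produce two files.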

SLIDE 13

SLIDE 14

Implementation challenges

SLIDE 15

1. Mass-deployment

• Hundreds (thousands!) of honeypot nodes present two challenges:
  • Deployment
    • Physical location of each machine
    • How many VMs on a single machine
  • Administration
    • Monitoring each node
    • Data reporting

SLIDE 16

2. Machine learning algorithm

SLIDE 17

3. Single point of failure

• A single central server with static IP address and domain can easily be blocked and cut off
• Some resilience techniques from existing botnets need to be borrowed:
  • Fast-flux technique (multiple IPs for a single domain name)
  • Domain generation algorithm (continuous generation of random domains)

SLIDE 18

Thank you