An Iteratively-Improving Internet-of-Things Honeypot Experiment

Abstract

In this paper we present a prototype implementation of an iteratively improving low-interaction Internet-of-Things (IoT) honeypot, based on serving responses of real IoT devices obtained through IoT search engines, as well as devices and services under our own control. The experiment was designed to confirm if this is a viable approach to mimicking a heterogeneous group of blackbox devices. In the experiment we focused on only one of the protocols used in the IoT world, the Hypertext Transfer Protocol (HTTP), primarily due to widespread use and mature tooling. Our findings show that it is trivial to learn enough responses to induce deeper probing, and that some of the knowledge discovered in this way could not have been obtained by using any other publicly available resources.