Attack Detection and Forensics Using Honeypot in IoT Environment

  • Conference paper
Distributed Computing and Internet Technology (ICDCIT 2019)

Part of the book series: Lecture Notes in Computer Science (LNISA, volume 11319)

Abstract

The Internet of Things (IoT) is a collection of tiny devices deployed with sensors. IoT automates embedded devices and controls them over the Internet. Ubiquitous deployment of IoT introduces a vision for the next generation of the Internet where users, computing systems, and everyday objects possessing sensing and actuating capabilities cooperate with unprecedented convenience and economic benefits. Due to the increased usage of IoT devices, IoT networks are vulnerable to various security attacks through remote login services (such as SSH and Telnet). This paper focuses on capturing attacks on IoT devices using the Cowrie honeypot. We employ various machine learning algorithms, namely Naive Bayes, J48 decision tree, Random Forest and Support Vector Machine (SVM), to classify these attacks. This research classifies attacks into various categories such as malicious payload, SSH attack, XOR DDoS, Spying, Suspicious and clean. Feature selection is carried out using subset evaluation and best-first search. Once features are selected, we use the proposed SVM model and compare its performance with baseline models such as Random Forest, Naive Bayes and J48 decision tree. The trained model's fitness is evaluated on the basis of various metrics such as accuracy, sensitivity, precision, and F-score, where accuracy varies from 67.7% to 97.39%. This work demonstrates the inclusion of a machine learning module to classify attacks by analyzing the exhibited behavior. In the end, we discuss our observations from honeypot forensics on the commands executed by the attacker to carry out a malicious attack.
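The step between capture and classification is turning Cowrie's per-event JSON log into one feature row per session. The sketch below is an added example, not code from the paper: the event names and fields follow Cowrie's JSON log format, while the chosen feature set, the function names and the sample lines are assumptions constructed for illustration.

```python
import json
from collections import defaultdict

# Constructed sample lines in Cowrie's JSON log format (not data from the paper).
SAMPLE_LOG = """\
{"eventid": "cowrie.session.connect", "session": "a1", "src_ip": "192.0.2.10", "protocol": "ssh"}
{"eventid": "cowrie.login.failed", "session": "a1", "username": "root", "password": "admin"}
{"eventid": "cowrie.login.failed", "session": "a1", "username": "root", "password": "1234"}
{"eventid": "cowrie.session.closed", "session": "a1", "duration": 3.2}
{"eventid": "cowrie.session.connect", "session": "b2", "src_ip": "198.51.100.7", "protocol": "telnet"}
{"eventid": "cowrie.login.success", "session": "b2", "username": "admin", "password": "admin"}
{"eventid": "cowrie.command.input", "session": "b2", "input": "uname -a"}
{"eventid": "cowrie.command.input", "session": "b2", "input": "wget http://example.invalid/placeholder.bin"}
{"eventid": "cowrie.session.file_download", "session": "b2", "url": "http://example.invalid/placeholder.bin"}
not-json garbage line
{"eventid": "cowrie.session.closed", "session": "b2", "duration": 41.5}
"""

def new_row():
    return {"src_ip": None, "protocol": None, "failed_logins": 0, "login_success": 0,
            "n_commands": 0, "n_downloads": 0, "duration": 0.0, "commands": []}

def session_features(log_text):
    """Aggregate Cowrie events into one feature row per session id."""
    rows = defaultdict(new_row)
    for line in log_text.splitlines():
        try:
            ev = json.loads(line)
        except json.JSONDecodeError:
            continue  # skip truncated or corrupt lines instead of aborting
        if not isinstance(ev, dict) or "session" not in ev:
            continue
        row = rows[ev["session"]]
        kind = ev.get("eventid", "")
        if kind == "cowrie.session.connect":
            row["src_ip"] = ev.get("src_ip")
            row["protocol"] = ev.get("protocol")
        elif kind == "cowrie.login.failed":
            row["failed_logins"] += 1
        elif kind == "cowrie.login.success":
            row["login_success"] = 1
        elif kind == "cowrie.command.input":
            row["n_commands"] += 1
            row["commands"].append(ev.get("input", ""))  # kept for forensic review
        elif kind == "cowrie.session.file_download":
            row["n_downloads"] += 1
        elif kind == "cowrie.session.closed":
            row["duration"] = float(ev.get("duration", 0.0))
    return dict(rows)
```

The numeric columns can be fed to a feature-selection and classification stage, while the retained `commands` list supports the per-session forensic review the abstract mentions.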

Acknowledgement

This work was supported by Department of Electronics and Information Technology (DeitY), Govt. of India and Netherlands Organization for Scientific research (NWO), Netherlands.

Author information

Corresponding author

Correspondence to Rajesh Kumar Shrivastava.

Copyright information

© 2019 Springer Nature Switzerland AG

About this paper

Cite this paper

Shrivastava, R.K., Bashir, B., Hota, C. (2019). Attack Detection and Forensics Using Honeypot in IoT Environment. In: Fahrnberger, G., Gopinathan, S., Parida, L. (eds) Distributed Computing and Internet Technology. ICDCIT 2019. Lecture Notes in Computer Science, vol 11319. Springer, Cham. https://doi.org/10.1007/978-3-030-05366-6_33

  • DOI: https://doi.org/10.1007/978-3-030-05366-6_33

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-05365-9

  • Online ISBN: 978-3-030-05366-6

  • eBook Packages: Computer Science, Computer Science (R0)
