Professional Documents
Culture Documents
Things
Athira P Ajith
Department of Electronics and
Communication Engineering
APJ Abdul Kalam Technological
University
Sahrdaya College of Engineering and
Technology(AICTE)
Kodakara,Kerala,India
athirapajith@gmail.com
Abstract—New technologies from day to day are submitted By allowing such an access to blackhats, it’s easy to
With many vulnerabilities that can make data exploitation. know about the tools used and other related information
Nowadays, IoT is a target for Cybercrime attacks as it is one of about them.
The popular platforms in the century. This research address the And based up on the level of interaction they are
IoT security problem by carried a medium-interaction Honeypot.
Honeypot is one of the solutions that can be done Because it is a
classified into three, Low-interaction honeypots
system feed for the introduction of attacks and Fraudulent simulate only a small set of services like SSH or FTP,
devices. This research has created a medium Interaction they do not provide any access to the operating system
honeypot using Cowrie, which is used to maintain The Internet to the attacker.LIHP produce minimal responses in
of Things device from malware attacks or even Attack patterns order to allow protocol handshakes. As the collection of
and collect information about the attacker’s Machine. From the information is limited,LIHP are used mainly for statistic
result analysis, the honeypot can record all Trials and attack evaluation.
activities, with CPU loads averagely below 6,3%. Medium-interaction honeypots offer attackers
more ability to interact than do low-interaction
Keywords— Honeypot, security, Internet of Things, Medium
Interaction, Cowrie honeypots but less functionality than high-interaction
solutions. They can expect certain activity and are
designed to give certain responses beyond what a low-
interaction honeypot would give.
High interaction honeypot imitate the activities
I. LITERAURE SURVEY of the production systems that host a variety of services
and, therefore, an attacker may be allowed a lot of
A honeypot is a computer security mechanism set to services to waste their time. By employing virtual
detect, deflect, or, in some manner, counteract attempts at machines, multiple honeypots can be hosted on a single
unauthorized use of information systems. The honeypots do physical machine. Therefore, even if the honeypot is
not contain valuable data, only provide some fake data. compromised, it can be restored more quickly. In
Therefore, the honeypot is a source of security that has no general, high-interaction honeypots provide more
production value. It traps attacks, records intrusion security by being difficult to detect, but they are
information about tools and activities of the hacking expensive to maintain. If virtual machines are not
process, and prevents attacks outbound the compromised available, one physical computer must be maintained
system. Integrated with other security solutions, honeypot for each honeypot, which can be exorbitantly expensive.
can solve many traditional dilemmas. Thus higher the level of interaction higher will be data
collected and higher will be the risk.
Honeypots can be classified based on their In this paper we are using medium interaction
deployment and based on their level of involvement.Based honeypot Cowrie to secure IoT. Cowrie is a medium to
on deployment, honeypots may be classified as: high interaction SSH and Telnet honeypot designed to
log brute force attacks and the shell interaction
Production honeypots performed by the attacker. In medium interaction mode
Research honeypots (shell) it emulates a UNIX system in Python, in high
interaction mode (proxy) it functions as an SSH and
Production Honeypots is used to protect telnet proxy to observe attacker behavior to another
company from malicious activities done by blackhats. system.
This honeypot is placed under the production network Cowrie’s emulated PowerShell session and fake
to increase the overall security of the company.[1] file system configuration files can be inspected,
Research Honeypots are solely used in the research modified, and improved to strengthen its deceptive
areas. The main aim here is to get maximum capabilities to bait attackers into believing that they are
information about the blackhats by giving them full attacking a real system and not a honeypot.[6]
access to penetrate the security system and infiltrate it.