Cowrie Honeypot Infrastructure on The Internet of
Things
Athira P Ajith
Department of Electronics and
Communication Engineering
APJ Abdul Kalam Technological
University
Sahrdaya College of Engineering and
Technology(AICTE)
Kodakara,Kerala,India
athirapajith@gmail.com
Abstract—New technologies from day to day are submitted
With many vulnerabilities that can make data exploitation.
Nowadays, IoT is a target for Cybercrime attacks as it is one of
The popular platforms in the century. This research address the
IoT security problem by carried a medium-interaction Honeypot.
Honeypot is one of the solutions that can be done Because it is a
system feed for the introduction of attacks and Fraudulent
devices. This research has created a medium Interaction
honeypot using Cowrie, which is used to maintain The Internet
of Things device from malware attacks or even Attack patterns
and collect information about the attacker’s Machine. From the
result analysis, the honeypot can record all Trials and attack
activities, with CPU loads averagely below 6,3%.
Keywords— Honeypot, security, Internet of Things, Medium
Interaction, Cowrie
I. LITERAURE SURVEY
A honeypot is a computer security mechanism set to
detect, deflect, or, in some manner, counteract attempts at
unauthorized use of information systems. The honeypots do
not contain valuable data, only provide some fake data.
Therefore, the honeypot is a source of security that has no
production value. It traps attacks, records intrusion
information about tools and activities of the hacking
process, and prevents attacks outbound the compromised
system. Integrated with other security solutions, honeypot
can solve many traditional dilemmas.
Honeypots can be classified based on their
deployment and based on their level of involvement.Based
on deployment, honeypots may be classified as:
 Production honeypots
 Research honeypots
Production Honeypots is used to protect
company from malicious activities done by blackhats.
This honeypot is placed under the production network
to increase the overall security of the company.[1]
Research Honeypots are solely used in the research
areas. The main aim here is to get maximum
information about the blackhats by giving them full
access to penetrate the security system and infiltrate it.
XXX-X-XXXX-XXXX-X/XX/$XX.00 ©20XX IEEE
By allowing such an access to blackhats, it’s easy to
know about the tools used and other related information
about them.
And based up on the level of interaction they are
classified into three, Low-interaction honeypots
simulate only a small set of services like SSH or FTP,
they do not provide any access to the operating system
to the attacker.LIHP produce minimal responses in
order to allow protocol handshakes. As the collection of
information is limited,LIHP are used mainly for statistic
evaluation.
Medium-interaction honeypots offer attackers
more ability to interact than do low-interaction
honeypots but less functionality than high-interaction
solutions. They can expect certain activity and are
designed to give certain responses beyond what a low-
interaction honeypot would give.
High interaction honeypot imitate the activities
of the production systems that host a variety of services
and, therefore, an attacker may be allowed a lot of
services to waste their time. By employing virtual
machines, multiple honeypots can be hosted on a single
physical machine. Therefore, even if the honeypot is
compromised, it can be restored more quickly. In
general, high-interaction honeypots provide more
security by being difficult to detect, but they are
expensive to maintain. If virtual machines are not
available, one physical computer must be maintained
for each honeypot, which can be exorbitantly expensive.
Thus higher the level of interaction higher will be data
collected and higher will be the risk.
In this paper we are using medium interaction
honeypot Cowrie to secure IoT. Cowrie is a medium to
high interaction SSH and Telnet honeypot designed to
log brute force attacks and the shell interaction
performed by the attacker. In medium interaction mode
(shell) it emulates a UNIX system in Python, in high
interaction mode (proxy) it functions as an SSH and
telnet proxy to observe attacker behavior to another
system.
Cowrie’s emulated PowerShell session and fake
file system configuration files can be inspected,
modified, and improved to strengthen its deceptive
capabilities to bait attackers into believing that they are
attacking a real system and not a honeypot.[6]
 used Deceptively”, International Conference on Computational
Science and Computational Intelligence (CSCI) , 2019
References [7] R. Meulen, J. Raviera. “Gartner Says 4.9 Billion
Connected ‘Things’ Will Be in Use in 2015” 2014,
[Online].Available: https://www.gartner.com/en/newsroom/press-
[1] Abhishek Mairh, Debabrat Barik, Kanchan Verma, Debasish Jena
Releases/2014-11- 11-gartner-says-nearly-5billion-Connected-things-will-
“Honeypot in Network Security” , IEEE
be-in- use-in-2015
[2] Javier Franco, Ahmet Aris, Berk Canberk, A. Selcuk Uluagac”A
[8] C. W. Zhao, J. Jegatheesan, and S. C. Loon.
Survey of Honeypots and Honeynets for Internet Of Things, Industrial
Internet of Things, andCyber-Physical Systems,”IEEE “Exploring IoT application using raspberry pi.”International Journal of
COMMUNICATIONS SURVEY & Computer Networks and
TUTORIALS,VOL.23,NO.4,FOURTH QUARTER 2021 Applications 2(1): 27-34. 2015 [Online]. Available:
[3] Felix Lau, Stuart Rubin, Michael H. Smith, Lijiljana http://ijcna.org/Manuscripts/Volume- 2/Issue1/Vol-2-issue-1-M-04.pdf
Trajkovic“Distributed Denial of Service Attacks” [9] C. Kolias, G. Kambourakis, A. Stavrou, and J. Voas,“DDoS in the IoT:
[4] Marcin Nawrocki, Matthias Wahlisch, Thomas C. Schmidt†, Christian Mirai and Other Botnets,” Computer(Long. Beach. Calif). Pp. 80-84,
Keil, Jochen Schonfelder , “A Survey on Honeypot Software and Data 2017.
Analysis“IEEE August 2016 [10] M. Oosterhof. “Cowrie Honeypot,” 2019, [Online].Available:
[5] Feng Zhang, Shijie Zhou. Zhiguang Qin, Jinde Liu, “Honeypot: a http://www.micheloosterhof.com.
Supplemented Active Defense System for Network Security”
[6] Warren Z Cabral, Craig Valli, Leslie F Sikos, Samuel G Wakeling ,“
Review and Analysis of Cowrie Artefacts and Their Potential to be