DATX02-21-58 Honeypot: A honeypot in the Internet of Things

Background

According to a 2020 report by Business Insider, there were around 8 billion active IoT devices the previous year. By 2027, they project this number to be 41 billion. The budget for securing inexpensive IoT devices is often compromised by customers' demands that the devices be as cheap as possible and by companies looking to maximize profits. Hackers have targeted internet-connected devices for a long time, but it took until 2016, when the Mirai botnet surfaced, for people to realize how destructive a botnet of IoT devices can be.

Project description

The end product

The goal of this project is to develop a honeypot that captures automated attacks originating from . It shall implement at least one of the Telnet/SSH protocols, and to some extent mimic the shell of an IoT device when something logs in and interacts with it. Information such as the IP address, username/password, and what they try to do once logged in shall be logged by the honeypot. It is up to the group members to decide on additional protocols and features the honeypot shall support/implement if time is available. For example, the authors could choose to send notifications to the user when it is attacked, implement a web interface for easy visualization of all the attacks, or add protocols such as RDP, ADB, or just a simple HTTP login portal.

The choice of programming language is also up to the authors, but Python is an attractive option due to its ease of use, widespread usage, and available libraries. The finished product shall be published as free software, and should be able to run natively on an inexpensive Linux host for many days without interruption.
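One way the Telnet part of this specification could look in Python, as an added example that is not part of the proposal or of any resulting project: a login/shell state machine that accepts any credentials, answers a few commands with constructed canned output, and emits one event per login and per command together with the peer IP. The names `Session`, `strip_iac`, `FAKE_OUTPUT`, the port 2323 and the banner strings are assumptions made for the illustration.

```python
import asyncio, json, re, time
# Constructed canned replies imitating an embedded BusyBox shell (assumption).
FAKE_OUTPUT = {"uname -a": "Linux cam01 3.10.14 #1 armv7l GNU/Linux",
               "id": "uid=0(root) gid=0(root)"}
PROMPTS = {"user": "login: ", "pass": "Password: ", "shell": "# "}

def strip_iac(raw: bytes) -> str:
    # Drop 3-byte Telnet option negotiation (IAC WILL/WONT/DO/DONT <option>).
    text = re.sub(rb"\xff[\xfb-\xfe].", b"", raw, flags=re.S).decode("latin-1")
    return text.replace("\0", "").strip()

class Session:  # transport-independent login/shell state machine for one peer
    def __init__(self, ip, sink):
        self.ip, self.sink, self.state, self.user = ip, sink, "user", None
    def record(self, event, **fields):
        self.sink({"ts": time.time(), "ip": self.ip, "event": event, **fields})
    def feed(self, line):  # returns the reply text, or None to disconnect
        if self.state == "user":
            self.user, self.state = line, "pass"
            return ""
        if self.state == "pass":
            # Accept any credentials so the client goes on to reveal its commands.
            self.record("login", username=self.user, password=line)
            self.state = "shell"
            return "BusyBox v1.20.2 built-in shell (ash)\r\n"
        if not line:
            return ""
        self.record("command", command=line)
        if line in ("exit", "logout"):
            return None
        return FAKE_OUTPUT.get(line, f"-sh: {line.split()[0]}: not found") + "\r\n"

async def handle(reader, writer, sink):
    session, reply = Session(writer.get_extra_info("peername")[0], sink), ""
    try:
        while reply is not None:
            writer.write((reply + PROMPTS[session.state]).encode())
            await writer.drain()
            raw = await asyncio.wait_for(reader.readline(), timeout=60)
            reply = session.feed(strip_iac(raw)) if raw else None
    except (asyncio.TimeoutError, ConnectionError, ValueError):
        pass  # idle peer, reset connection, or over-long line
    finally:
        writer.close()

async def serve(host="127.0.0.1", port=2323, sink=lambda e: print(json.dumps(e), flush=True)):
    server = await asyncio.start_server(lambda r, w: handle(r, w, sink), host, port)
    async with server:
        await server.serve_forever()
```

Start it with `asyncio.run(serve())` and connect with a Telnet client to port 2323; each login and command is printed as one JSON line on stdout.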

The focus area

The focus of this project lies within the field, namely to develop an application to aid computer security researchers discover new and threats to IoT devices. The secondary focus is to analyze the team members' own findings using the application, and to shed light on how IoT devices are currently being attacked and how to defend against it.

Suggested reading material

The resources below are only suggestions; any resource that allows the reader to familiarize himself with any of the prerequisites for this project is good.

● Computer Networking: A Top-Down Approach. Authors: James Kurose and Keith Ross
● Stallings & Brown: Computer Security, Pearson 2012, ISBN: 978-0-273-76449-6
● https://blog.cloudflare.com/inside-mirai-the-infamous-iot-botnet-a-retrospective-analysis/
● https://ieeexplore.ieee.org/document/8859496
● https://www.kaspersky.com/resource-center/threats/what-is-a-honeypot
● https://www.resilient-iot.se/

Specific prerequisites

● Programming experience
● Some knowledge of computer malware
● Some knowledge of networking protocols
● Some knowledge about Linux

Target group

DV, IT, D

Proposal authors

Alexander Lysholm & Magnus Jonsson

Supervisors

Main supervisor: Francisco Blas Izquierdo Riera

Backup supervisor: Magnus Almgren