HonIoT: Arquitetura de Honeynet com Controle de Propagação de Malwares para Dispositivos de IoT
Resumo
É indicada a utilização de honeypots e honeynets para o estudo aprofundado do comportamento dos malwares para dispositivos de IoT, porém, alguns cuidados devem ser tomados garantindo que esses ambientes sejam capazes de detalhar corretamente todo ciclo de infecção dos malwares e não se tornem um ponto de origem de ataques às outras redes. Nessa linha, este trabalho apresenta o HonIoT, uma honeynet que suporta a inclusão de honeypots reais, emuladas ou virtualizadas, criando uma internet emulada que corresponde à parte atacada da rede, possibilitando o monitoramento completo de todo ciclo de infecção e propagação do malware. Testes preliminares apontaram boa capacidade deescalabilidade do ambiente e correta execução do fluxo de ações da honeynet.
Palavras-chave:
Segurança, Malwares, Internet das Coisas
Referências
Agnaou, A., Kalam, A. A. E., Ouahman, A. A., and Montfort, M. D. (2016). Reduce positive and negative falses from attacks collected from the deployment of distributed honeypot network. CoRR, abs/1611.03252.
Bhunia, S. S. and Gurusamy, M. (2017). Dynamic attack detection and mitigation in iot using sdn. In 2017 27th International Telecommunication Networks and Applications Conference (ITNAC), pages 1-6.
Cabaj, K., Gawkowski, P., Grochowski, K., Nowikowski, A., andŻórawski, P. (2017). The impact of malware evolution on the analysis methods and infrastructure. In 2017 Federated Conference on Computer Science and Information Systems (FedCSIS), pages 549-553.
Dowling, S., Schukat, M., and Melvin, H. (2017). Data-centric framework for adaptive smart city honeynets. In 2017 Smart City Symposium Prague (SCSP), pages 1-7.
Dowling, S., Schukat, M., and Melvin, H. (2017). A zigbee honeypot to assess iot cyberattack behaviour. In 2017 28th Irish Signals and Systems Conference (ISSC), pages 1-6.
Emerging Threats (2017). Emerging threats botnet command and control drop ru-les. http://rules.emergingthreats.net/open/suricata/rules/ botcc.rules. Acessado em: 18/12/2017.
Erdem, O., Pektas, A., and Kara, M. (2018). Honeything: A new honeypot design for cpe devices. KSII Transactions on Internet and Information Systems, 12:4512-4526.
Gandhi, U. D., Kumar, P. M., Varatharajan, R., Manogaran, G., Sundarasekar, R., and Kadu, S. (2018). Hiotpot: Surveillance on iot devices against recent threats. Wireless Personal Communications, 103(2):1179-1194.
GARTNER (2017). 6.4 billion connected "things"will be in use in 2016. https://www. gartner.com/newsroom/id/3165317. Acessado em: 13/04/2017.
Hoepers, C., Steding-Jessen, K., and Chaves, M. H. P. C. (2007). Honeypots e honey-nets: Definições e aplicações. https://www.cert.br/docs/whitepapers/ honeypots-honeynets/. Acessado em: 18/12/2018.
Koniaris, I., Papadimitriou, G., Nicopolitidis, P., and Obaidat, M. (2014). Honeypots deployment for the analysis and visualization of malware activity and malicious con-nections. In 2014 IEEE International Conference on Communications (ICC), pages 1819-1824.
Marzano, A., Alexander, D., Fazzion, E., Fonseca, O., Cunha, Italo e Hoepers, C., Steding-Jessen, K., e Chaves, M. H. P. C., Guedes, D., and Meira Jr., W. (2018). Monitoramento e caracterização de botnets bashlite em dispositivos iot. Simpósio Brasileiro de Redes de Computadores (SBRC), 36.
Pa, Y. M. P., Suzuki, S., Yoshioka, K., Matsumoto, T., Kasama, T., and Rossow, C. (2015). Iotpot: Analysing the rise of iot compromises. In 9th USENIX Workshop on Offensive Technologies (WOOT 15), Washington, D.C. USENIX Association.
Pathan, A.-S. K. (2014). The State of the Art in Intrusion Prevention and Detection. Auerbach Publications, Boston, MA, USA.
Simpson, A. K., Roesner, F., and Kohno, T. (2017). Securing vulnerable home iot devices with an in-hub security manager. In Pervasive Computing and Communications Workshops (PerCom Workshops), 2017 IEEE International Conference on, pages 551-556. IEEE.
Sochor, T. and Zuzcak, M. (2014). Study of internet threats and attack methods using honeypots and honeynets. In Kwiecień, A., Gaj, P., and Stera, P., editors, Computer Networks, pages 118-127, Cham. Springer International Publishing.
SPAMHAUS (2018). Spamhaus botnet threat report 2017. https://www.spamhaus. org/news/article/772/spamhaus-botnet-threat-report-2017. Acessado em: 05/03/2018.
Bhunia, S. S. and Gurusamy, M. (2017). Dynamic attack detection and mitigation in iot using sdn. In 2017 27th International Telecommunication Networks and Applications Conference (ITNAC), pages 1-6.
Cabaj, K., Gawkowski, P., Grochowski, K., Nowikowski, A., andŻórawski, P. (2017). The impact of malware evolution on the analysis methods and infrastructure. In 2017 Federated Conference on Computer Science and Information Systems (FedCSIS), pages 549-553.
Dowling, S., Schukat, M., and Melvin, H. (2017). Data-centric framework for adaptive smart city honeynets. In 2017 Smart City Symposium Prague (SCSP), pages 1-7.
Dowling, S., Schukat, M., and Melvin, H. (2017). A zigbee honeypot to assess iot cyberattack behaviour. In 2017 28th Irish Signals and Systems Conference (ISSC), pages 1-6.
Emerging Threats (2017). Emerging threats botnet command and control drop ru-les. http://rules.emergingthreats.net/open/suricata/rules/ botcc.rules. Acessado em: 18/12/2017.
Erdem, O., Pektas, A., and Kara, M. (2018). Honeything: A new honeypot design for cpe devices. KSII Transactions on Internet and Information Systems, 12:4512-4526.
Gandhi, U. D., Kumar, P. M., Varatharajan, R., Manogaran, G., Sundarasekar, R., and Kadu, S. (2018). Hiotpot: Surveillance on iot devices against recent threats. Wireless Personal Communications, 103(2):1179-1194.
GARTNER (2017). 6.4 billion connected "things"will be in use in 2016. https://www. gartner.com/newsroom/id/3165317. Acessado em: 13/04/2017.
Hoepers, C., Steding-Jessen, K., and Chaves, M. H. P. C. (2007). Honeypots e honey-nets: Definições e aplicações. https://www.cert.br/docs/whitepapers/ honeypots-honeynets/. Acessado em: 18/12/2018.
Koniaris, I., Papadimitriou, G., Nicopolitidis, P., and Obaidat, M. (2014). Honeypots deployment for the analysis and visualization of malware activity and malicious con-nections. In 2014 IEEE International Conference on Communications (ICC), pages 1819-1824.
Marzano, A., Alexander, D., Fazzion, E., Fonseca, O., Cunha, Italo e Hoepers, C., Steding-Jessen, K., e Chaves, M. H. P. C., Guedes, D., and Meira Jr., W. (2018). Monitoramento e caracterização de botnets bashlite em dispositivos iot. Simpósio Brasileiro de Redes de Computadores (SBRC), 36.
Pa, Y. M. P., Suzuki, S., Yoshioka, K., Matsumoto, T., Kasama, T., and Rossow, C. (2015). Iotpot: Analysing the rise of iot compromises. In 9th USENIX Workshop on Offensive Technologies (WOOT 15), Washington, D.C. USENIX Association.
Pathan, A.-S. K. (2014). The State of the Art in Intrusion Prevention and Detection. Auerbach Publications, Boston, MA, USA.
Simpson, A. K., Roesner, F., and Kohno, T. (2017). Securing vulnerable home iot devices with an in-hub security manager. In Pervasive Computing and Communications Workshops (PerCom Workshops), 2017 IEEE International Conference on, pages 551-556. IEEE.
Sochor, T. and Zuzcak, M. (2014). Study of internet threats and attack methods using honeypots and honeynets. In Kwiecień, A., Gaj, P., and Stera, P., editors, Computer Networks, pages 118-127, Cham. Springer International Publishing.
SPAMHAUS (2018). Spamhaus botnet threat report 2017. https://www.spamhaus. org/news/article/772/spamhaus-botnet-threat-report-2017. Acessado em: 05/03/2018.
Publicado
24/09/2019
Como Citar
ALVES BAREA, Emerson Rogério ; FREIRE DE SOUZA, Jaime ; MARCONDES, Cesar A.; GODOY, Douglas Baptista de.
HonIoT: Arquitetura de Honeynet com Controle de Propagação de Malwares para Dispositivos de IoT. In: WORKSHOP DE SEGURANÇA CIBERNÉTICA EM DISPOSITIVOS CONECTADOS (WSCDC), 2. , 2019, Gramado.
Anais [...].
Porto Alegre: Sociedade Brasileira de Computação,
2019
.
p. 23-36.
DOI: https://doi.org/10.5753/wscdc.2019.7703.
