IoT Honeynet com Emulação da Internet

Abstract

This work argues that the growth in numbers of IoT (Internet of Things) in our lives (eg Amazon Echo, cameras, etc.), as well as their increasing computing power, arouses the interest of hackers and consequently, their attacks. Most of these attacks are aimed at making profits, espionage or activism. However, despite years of research and experience, we have not yet produced computer systems with enough programming safety to prevent such large-scale attacks. In general, the techniques employed are post-attack, such as attack detection and malware analysis. The tools used in this analysis can execute processes that allow you to monitor the interactions of the malware with the environment. These analysis can be of two types: (I) static analysis, which is the process of analyzing malware without executing it; (II) dynamic analysis that executes malware in a controlled environment and monitors its interactions. Capture tools, such as honeypots and honeynets, require a controlled environment and this is the central theme of our work, focused on IoTs. Thus, we propose a honeynet architecture able to identify the attacks and interactions of the cyber attacks thru its control, in that we start from the premise that such interactions are made through addresses in black lists. In addition, the malware must be executed by a process similar to that of the IoT devices. Finally, the architecture needs to be self-sufficient and to be in a controlled environment, to ensure that its execution does not generate a real Internet attack, but replicate it by emulation. A proof of concept with software-defined networks (SDN) was developed and the results show that the architecture is self-sufficient, its environment controlled and scalable.