Automated Identification of Security Threats and Malicious Activities in the Internet of Things
With regard to the Internet of Things (IoT), current research highlights the absence of methods for identifying the technical characteristics of Internet-wide IoT devices, of techniques to counter arising security threats in the IoT, and of large-scale techniques for identifying exploited IoT devices. Overall, the project’s results will help to shrink the attack surface of the IoT paradigm. Both the research community and organizations will benefit from the derived IoT-specific technical threat intelligence, which enables them to react to arising security threats and to identify malicious activities in the IoT.
Motivation
The IoT is exposed to ongoing malicious attacks. Poorly secured devices and the ongoing development of new features lead to new challenges in the IoT paradigm. Compromised IoT devices are misused for distributed denial-of-service (DDoS) attacks, spamming, cryptocurrency mining, view generation on social media, as proxy agents, or as VPN pools. In the last couple of years, organizations and companies have started to share real-time cyber threat information, so-called threat intelligence. However, there is still no Internet-wide automated identification of malicious activities in the IoT, IoT-specific attack signatures have not been created yet, and IoT-tailored actionable cyber security capabilities are still missing.
Methodology
By conducting a large-scale, Internet-wide deployment of high-interaction, IoT-tailored honeypots, we aim to collect IoT-relevant malicious empirical data, IoT-centric attack signatures, and IoT-specific technical threat intelligence. Using this IoT-specific technical threat intelligence, we plan to identify compromised IoT devices on the Internet with an active scanning approach.
By combining firmware sample scraping and IoT virtualization techniques, we intend to create a database that holds the technical characteristics of IoT devices.
Further Information
- The project is led by SBA Research.
- This FFG programme is sponsored by Nationalstiftung für Forschung, Technologie und Entwicklung and Österreich-Fonds. The focus lies on funding industrial PhD projects to improve qualifications of research and innovation staff in companies and non-university research institutions. An Industrial PhD project is performed by an employee of an Austrian company/non-university research institution, who is enrolled as a PhD student at a university during the whole project.
Contact
This project is funded by the FFG.