物联网蜜罐综述

A Survey on Honeypots of Internet of Things

物联网(The Internet of Things,简称IoT)是新一代信息技术的重要组成部分,已广泛应用于经济社会发展的各个领域,如工业控制系统、智能家居、智慧城市等。随着物联网应用的爆发式增长,物联网设备被直接暴露在互联网中,成为了黑客攻击的重点目标,并引发了大量安全事件。在多源异构的物联网环境中,传统的入侵检测、防火墙等安全防护工具存在易漏报和易误报的问题。蜜罐作为一种新兴的主动防御技术,通过构建可控的诱饵环境,主动引导黑客攻击,能够捕获高质量的原始攻击数据,从而低误报地发现攻击威胁。本文通过调研大量物联网蜜罐文献,总结了物联网蜜罐的基本概念和技术发展主线,重点介绍了重定向、识别与反识别和数据分析三种关键技术。此外,本文提出了一种基于杀伤链模型的物联网蜜罐评估体系,实现相关蜜罐工作的对比分析,并讨论和展望了物联网蜜罐未来可能的研究方向。

Internet of Things(IoT)is an important part of the new generation information technology.It has been widely infiltrated into the national economy and social development in various fields,such as industrial control systems,smart home,and smart city.With the explosive growth of IoT applications,IoT devices are exposed on the Internet directly.It has become an attractive target for hackers and caused lots of security issues.For conventional security tools like intrusion detection systems(IDS)and firewalls,it’s prone to be high false alarm rate and hard to deploy in heterogeneous IoT environments.As a new initiative based on the defense network security technology,the honeypot builds a highly controlled environment to capture high-value primary data and discover threats with low false alarm rate.By analyzing relevant IoT honeypot systems and literature,this paper summarized some basic conception of IoT honeypots and the line of development in technology.Based on IoT honeypots,this paper introduced and discussed three technologies:redirection,recognition&counter-recognition and data analysis.Besides,this paper proposed a new IoT honeypot evaluation system based on the cyber kill chain to estimate related work and further discussed the research trend.