Cyber-Physical Deception Through Coordinated IoT Honeypots

Authors: 

Chongqi Guan and Guohong Cao, The Pennsylvania State University

Abstract: 

As Internet of Things (IoT) devices become widely deployed, they face numerous threats due to the inherent vulnerabilities and interconnected nature of these devices. One effective approach to enhancing IoT security is the deployment of honeypot systems, which can attract, engage, and deceive potential attackers, thereby exposing their attack methodologies and strategies. However, traditional honeypots often fail to effectively deceive attackers due to their inability to emulate the physical and network dependencies present in real-world IoT environments. Consequently, attackers can easily detect inconsistencies among the honeypots after launching attacks from multiple sources, spanning both cyber and physical domains, to verify device status. To address this challenge, we propose a Cyber-Physical Deception System (CPDS) capable of mimicking the intricate cyber-physical connections among IoT devices by coordinating various IoT honeypots. Specifically, we model the vulnerabilities of individual IoT devices by collecting and analyzing attack traces. We analyze the physical and network dependencies among IoT devices and formulate them as Prolog rules. Then, we coordinate the honeypots based on the attacker's actions and the dependency rules, ensuring cross-layer consistency among the honeypots. We implemented our deception system by leveraging software-defined networking, enhancing existing IoT honeypots, and configuring them to work in concert. Through online deployment, human evaluation on real attack scenario and extensive simulation experiments, we have demonstrated the effectiveness of CPDS in terms of fidelity and scalability.
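The coordination step the abstract describes can be sketched as follows. This is an added illustration, not code from the paper or from CPDS: Python forward chaining stands in for the Prolog rules, and the device names, attributes and dependency rules are constructed assumptions.

```python
from collections import deque

# Constructed dependency rules: (trigger) -> (effect), each (device, attr, value).
RULES = [
    (("plug", "power", "off"), ("lamp", "power", "off")),             # physical: lamp is fed by the plug
    (("lamp", "power", "off"), ("light_sensor", "reading", "dark")),  # physical: lamp lights the sensor
    (("hub", "net", "down"), ("camera", "net", "unreachable")),       # network: camera routes via the hub
    (("hub", "net", "down"), ("lamp", "net", "unreachable")),         # network: lamp routes via the hub
]

def initial_state():
    """Constructed starting state shared by all honeypots."""
    return {
        ("plug", "power"): "on", ("lamp", "power"): "on",
        ("light_sensor", "reading"): "bright", ("hub", "net"): "up",
        ("camera", "net"): "reachable", ("lamp", "net"): "reachable",
    }

def propagate(state, action):
    """Apply an attacker-triggered change, then forward-chain to a fixpoint.

    Returns the ordered (device, attr, value) updates a coordinator would
    have to push to the other honeypots to keep them consistent.
    """
    pending, updates = deque([action]), []
    while pending:
        dev, attr, val = pending.popleft()
        if state.get((dev, attr)) == val:
            continue  # already consistent; also keeps cyclic rules from looping
        state[(dev, attr)] = val
        updates.append((dev, attr, val))
        pending.extend(e for t, e in RULES if t == (dev, attr, val))
    return updates

def violations(state):
    """Rules whose trigger holds but whose effect does not.

    Each entry is an inconsistency that cross-checking several honeypots
    would reveal.
    """
    return [(t, e) for t, e in RULES
            if state.get(t[:2]) == t[2] and state.get(e[:2]) != e[2]]

if __name__ == "__main__":
    isolated = initial_state()
    isolated[("plug", "power")] = "off"   # only the attacked honeypot changes
    print("uncoordinated:", violations(isolated))
    coordinated = initial_state()
    print("pushed:", propagate(coordinated, ("plug", "power", "off")))
    print("coordinated:", violations(coordinated))
```

An uncoordinated deployment leaves the lamp honeypot reporting power while its plug is off; the propagated updates remove that observable mismatch.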
