TY - GEN
T1 - Understanding fileless attacks on linux-based IoT devices with HoneyCloud
AU - Dang, Fan
AU - Li, Zhenhua
AU - Liu, Yunhao
AU - Zhai, Ennan
AU - Chen, Qi Alfred
AU - Xu, Tianyin
AU - Chen, Yan
AU - Yang, Jingyu
N1 - Publisher Copyright:
© 2019 Copyright held by the owner/author(s). Publication rights licensed to ACM.
PY - 2019/6/12
Y1 - 2019/6/12
N2 - With the wide adoption, Linux-based IoT devices have emerged as one primary target of today’s cyber attacks. Traditional malware-based attacks can quickly spread across these devices, but they are well-understood threats with effective defense techniques such as malware fingerprinting and community-based fingerprint sharing. Recently, fileless attacks—attacks that do not rely on malware files—have been increasing on Linux-based IoT devices, and posing significant threats to the security and privacy of IoT systems. Little has been known in terms of their characteristics and attack vectors, which hinders research and development efforts to defend against them. In this paper, we present our endeavor in understanding fileless attacks on Linux-based IoT devices in the wild. Over a span of twelve months, we deploy 4 hardware IoT honeypots and 108 specially designed software IoT honeypots, and successfully attract a wide variety of real-world IoT attacks. We present our measurement study on these attacks, with a focus on fileless attacks, including the prevalence, exploits, environments, and impacts. Our study further leads to multi-fold insights towards actionable defense strategies that can be adopted by IoT vendors and end users.
UR - http://www.scopus.com/inward/record.url?scp=85069192054&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=85069192054&partnerID=8YFLogxK
U2 - 10.1145/3307334.3326083
DO - 10.1145/3307334.3326083
M3 - Conference contribution
AN - SCOPUS:85069192054
T3 - MobiSys 2019 - Proceedings of the 17th Annual International Conference on Mobile Systems, Applications, and Services
SP - 482
EP - 493
BT - MobiSys 2019 - Proceedings of the 17th Annual International Conference on Mobile Systems, Applications, and Services
PB - Association for Computing Machinery
T2 - 17th ACM International Conference on Mobile Systems, Applications, and Services, MobiSys 2019
Y2 - 17 June 2019 through 21 June 2019
ER -