TY - JOUR
T1 - IoTFlowGenerator
T2 - 36th International Florida Artificial Intelligence Research Society Conference, FLAIRS-36 2023
AU - Bao, Joseph
AU - Kantarcioglu, Murat
AU - Vorobeychik, Yevgeniy
AU - Kamhoua, Charles
N1 - Publisher Copyright:
© 2023 by the authors. All rights reserved.
PY - 2023
Y1 - 2023
N2 - Over the years, honeypots emerged as an important security tool to understand attacker intent and deceive attackers to spend time and resources. Recently, honeypots are being deployed for Internet of things (IoT) devices to lure attackers, and learn their behavior. However, most of the existing IoT honeypots, even the high interaction ones, are easily detected by an attacker who can observe honeypot traffic due to lack of real network traffic originating from the honeypot. This implies that, to build better honeypots and enhance cyber deception capabilities, IoT honeypots need to generate realistic network traffic flows. To achieve this goal, we propose a novel deep learning based approach for generating traffic flows that mimic real network traffic due to user and IoT device interactions. A key technical challenge that our approach overcomes is scarcity of device-specific IoT traffic data to effectively train a generator. We address this challenge by leveraging a core generative adversarial learning algorithm for sequences along with domain specific knowledge common to IoT devices. Through an extensive experimental evaluation with 18 IoT devices, we demonstrate that the proposed synthetic IoT traffic generation tool significantly outperforms state of the art sequence and packet generators in remaining indistinguishable from real traffic even to an adaptive attacker.
UR - https://www.scopus.com/pages/publications/85161456116
U2 - 10.32473/flairs.36.133376
DO - 10.32473/flairs.36.133376
M3 - Conference article
AN - SCOPUS:85161456116
SN - 2334-0754
VL - 36
JO - Proceedings of the International Florida Artificial Intelligence Research Society Conference, FLAIRS
JF - Proceedings of the International Florida Artificial Intelligence Research Society Conference, FLAIRS
Y2 - 14 May 2023 through 17 May 2023
ER -