Understanding fileless attacks on linux-based IoT devices with HoneyCloud

Fan Dang, Zhenhua Li*, Yunhao Liu, Ennan Zhai, Qi Alfred Chen, Tianyin Xu, Yan Chen, Jingyu Yang

*Corresponding author for this work

Research output: Chapter in Book/Report/Conference proceeding > Conference contribution

21 Scopus citations

Abstract

With the wide adoption, Linux-based IoT devices have emerged as one primary target of today’s cyber attacks. Traditional malware-based attacks can quickly spread across these devices, but they are well-understood threats with effective defense techniques such as malware fingerprinting and community-based fingerprint sharing. Recently, fileless attacks—attacks that do not rely on malware files—have been increasing on Linux-based IoT devices, and posing significant threats to the security and privacy of IoT systems. Little has been known in terms of their characteristics and attack vectors, which hinders research and development efforts to defend against them. In this paper, we present our endeavor in understanding fileless attacks on Linux-based IoT devices in the wild. Over a span of twelve months, we deploy 4 hardware IoT honeypots and 108 specially designed software IoT honeypots, and successfully attract a wide variety of real-world IoT attacks. We present our measurement study on these attacks, with a focus on fileless attacks, including the prevalence, exploits, environments, and impacts. Our study further leads to multi-fold insights towards actionable defense strategies that can be adopted by IoT vendors and end users.

Original language: English (US)
Title of host publication: MobiSys 2019 - Proceedings of the 17th Annual International Conference on Mobile Systems, Applications, and Services
Publisher: Association for Computing Machinery, Inc
Pages: 482-493
Number of pages: 12
ISBN (Electronic): 9781450366618
State: Published - Jun 12 2019
Event: 17th ACM International Conference on Mobile Systems, Applications, and Services, MobiSys 2019 - Seoul, Korea, Republic of
Duration: Jun 17 2019 to Jun 21 2019

Publication series

Name: MobiSys 2019 - Proceedings of the 17th Annual International Conference on Mobile Systems, Applications, and Services

Conference

Conference: 17th ACM International Conference on Mobile Systems, Applications, and Services, MobiSys 2019
Country/Territory: Korea, Republic of
City: Seoul
Period: 6/17/19 to 6/21/19

ASJC Scopus subject areas

  • Computer Science Applications
  • Computer Networks and Communications
