Scalable Hybrid Honeypot Infrastructure for IoT Threat Intelligence and Response (NSoE)
Project date
2 September 2019 – 1 June 2022
completed
Large-scale malware campaigns against IoT devices are a major threat to critical infrastructure. Because IoT devices are heterogeneous and deployed in massive numbers, it is challenging to foresee new attack waves. In this project we propose to build a hybrid (low- and high-interaction) honeypot, designed to scale to various kinds of devices and to collect real-time data on attacks running in the wild. This data will be analyzed using lean machine-learning-based techniques in order to effectively provide threat intelligence on known and possibly unknown attacks. The honeypot will integrate data from other initiatives (such as the one hosted by the Global Cybersecurity Alliance) and will also provide threat intelligence as a service.