Introducing Falcom: A Multifunctional High-Interaction Honeypot Framework for Industrial and Embedded Applications

摘要

Falcom is a high-interaction honeypot that provides a full fledged operating system, maximizing its interaction with an attacker and aiming at embedded architectures. Since poorly secured embedded devices and Internet of Things applications form a profitable matrix for criminal activity, a deeper understanding of the existent risks is needed. Threat intelligence is crucial to increase the security in terms of prevention, detection and mitigation of attacks. Honeypots are a well establish technology that provide more insights about the behavior of adversaries by luring attacks into a monitored decoy. Any interaction with this decoy is suspicious and forwarded for further investigation. By analyzing the observed attack parameters it is possible to reveal recent trends, new attack vectors and ongoing intrusion attempts. Since embedded systems are the focus of the proposed honeypot, CPU architectures, as well as system resources are chosen to imitate embedded devices. In the reference implementation, the authentication mechanism is prone to brute-force and dictionary attacks.