University of Twente Student Theses


Automatic detection of zero-day attacks in high-interaction IoT honeypots using static analysis techniques

Scholten, C.P.B. (2021) Automatic detection of zero-day attacks in high-interaction IoT honeypots using static analysis techniques.

Abstract: In this research, we investigate a new type of honeypot for IoT firmware images that combines static analysis and firmware re-hosting tools to automatically detect vulnerabilities in firmware. The firmware re-hosting tool is used to host a honeypot in combination with debugging tools, such as GDB, to detect attacks targeting the vulnerabilities. Secondly, the honeypot allows debugging rules to be added. These rules specify a vulnerable input source, verify that a vulnerability can be triggered and detect attacks targeting vulnerabilities for which no signature exists. Our solution is able to accurately detect vulnerabilities using either the static analysis or the manually added debugging rules. The evaluation of the honeypot data and proof-of-concept attacks showed that the manually added debugging rules are a useful solution for accurately detecting novel attacks. Deployment of the system proved to be limited by the small subset of firmware images that can be emulated using firmware re-hosting tools and of firmware images in which static analysis was able to discover vulnerabilities. Due to this limitation, the use of static analysis techniques for emulated IoT firmware does not provide sufficient benefits. Future work can be done to perform a more elaborate investigation of the custom debugging rules.
Item Type: Essay (Master)
Faculty: EEMCS: Electrical Engineering, Mathematics and Computer Science
Subject: 54 computer science
Programme: Computer Science MSc (60300)
Link to this item: https://purl.utwente.nl/essays/88075