Design, Implementation, and Operation of a Mobile Honeypot
This addresses the need for better security monitoring in mobile networks, which are vulnerable due to limited resources and sensitive data, but it is incremental as it builds on existing honeypot concepts.
The paper tackles the problem of analyzing unsolicited traffic to mobile devices and comparing it with wired Internet access by designing and implementing a mobile honeypot deployed on standard hardware for over 1.5 years, with preliminary measurement results presented.
Mobile nodes, in particular smartphones are one of the most relevant devices in the current Internet in terms of quantity and economic impact. There is the common believe that those devices are of special interest for attackers due to their limited resources and the serious data they store. On the other hand, the mobile regime is a very lively network environment, which misses the (limited) ground truth we have in commonly connected Internet nodes. In this paper we argue for a simple long-term measurement infrastructure that allows for (1) the analysis of unsolicited traffic to and from mobile devices and (2) fair comparison with wired Internet access. We introduce the design and implementation of a mobile honeypot, which is deployed on standard hardware for more than 1.5 years. Two independent groups developed the same concept for the system. We also present preliminary measurement results.