SDN-based In-network Honeypot: Preemptively Disrupt and Mislead Attacks in IoT Networks
This addresses security threats in IoT networks to prevent physical disruptions, but it appears incremental as it builds on existing honeypot and SDN concepts.
The paper tackles the problem of detecting and preventing cyber attacks in IoT networks by proposing an SDN-based in-network honeypot that reroutes and spoofs traffic to disrupt and mislead adversaries early, with preliminary evaluations showing minimal impact on network performance.
Detecting cyber attacks in the network environments used by Internet-of-things (IoT) and preventing them from causing physical perturbations play an important role in delivering dependable services. To achieve this goal, we propose in-network Honeypot based on Software-Defined Networking (SDN) to disrupt and mislead adversaries into exposures while they are in an early stage of preparing an attack. Different from traditional Honeypot requiring dedicated hardware setup, the in-network Honeypot directly reroutes traffic from suspicious nodes and intelligently spoofs the network traffic to them by adding misleading information into normal traffic. Preliminary evaluations on real networks demonstrate that the in-network Honeypot can have little impacts on the performance of IoT networks.