CandyPot

An Intelligent Honeypot for Heterogeneous IoT Devices using Reinforcement Learning

Report of my BTP Final Report can be found here.

This project is based on the paper IoTCandyJar: Towards an Intelligent-Interaction Honeypot for IoT Devices.

Requirements

• Python3
• socket
• netaddr (pip3 install netaddr)
• requests (pip3 install requests)

Files Summary

• iot_ip_addr_collector.ipynb
• server_template_for_request_response.py
• send_request_to_all_iot.py
• print_requests.py
• *_addr.dat
• port_*.dat
• response_from_iot.dat

Code/Files explained

• iot_ip_addr_collector.ipynb file contains the IoT Scanner. This works like a IoT crawler/search engine scanning random public IP addresses. If an IoT device is found then its IP:port is temporarily stored in a python set and later stored in the files *_addr.dat using python pickle. All the IPs scanned till now are stored in the file ips_checked.dat so that same IP is not scanned twice.

• server_template_for_request_response.py is the honeyoot listener instances that should be run on a public IP to attract the attackers. The requests sent by the attackers are stored in the files port_*.dat where * depends on the port on which the server is listening for attacks.

• send_request_to_all_iot.py sends all the requests stored in files port_*.dat to all the IoT devices through their IP addresses stored in the files *_addr.dat. All the responses received from the IoT devices are stored in the file response_from_iot.dat.

• Just for an example of the working of the honeypot, if the attacker requests us for the fiee login.cgi, a random response from response_from_iot.dat is sent to the attacker. This part will be the part where the RL can come inoo picture. Using a good learning model, the honeypot can learn which response should be sent to the attacker instead of random responses.

• print_requests.py file just prints all the requests received on some port till now.

---

All the code is super easy to understand, though I would like to refactor it.