Intelligent Insight into IoT Threats: Leveraging Advanced Analytics with Honeypots for Anomaly Detection

In the modern era, the rise of the Internet of Things has sparked apprehensions regarding the security of interconnected embedded devices. This has underscored the urgency of devising effective and efficient approaches to identify vulnerabilities within IoT devices, aiming to rectify them proactively before potential exploitation by malicious actors. Within conventional IT security practices, honeypots serve as a prevalent method for comprehending the evolving threat landscape while safeguarding vital assets from exposure. We have devised an inventive method for constructing a honeypot tailored specifically for IoT devices. We are employing a rogue access point to establish a connection, allowing us to SSH into our router, which serves as an IoT honeypot. Within this honeypot environment, we aim to capture logs, specifically focusing on password-guessing attacks. Subsequently, we analyze HTTP logs generated by the router to gain insights into the attacker's activities and behavior. Furthermore, with the attacker HTTP logs, we have performed anomaly detection and analysis where inferences on attacker behavior, and common IoT cyber-attacks can be concluded. We have obtained an accuracy of 87% using the Isolation Forest algorithm.