Abstract
As more and more possible attack vectors for IoT and smarthome devices are becomingknown in recent years [57], it is more important than ever to understand these attack
vectors in order to protect oneself and one’s devices against them. For this purpose, a
honeypot infrastructure based on an existing laboratory infrastructure on the premises
of FHOÖ on the Campus in Hagenberg is to be created in this thesis. The honeypot infrastructure should automatically adapt to changes in the laboratory infrastructure and
thus always be as similar as possible to it. Attack attempts for which the real systems
could also be vulnerable are to be recorded. The collected data can be used to analyse and understand attack attempts. Furthermore, real systems can also be protected
against the recorded attack attempts.
To this end, various existing honeypot tools are evaluated in this work and different
approaches are developed and explained. The approach found to be best is developed
and tested, and its effectiveness evaluated.
The result is a tool that performs port scans on devices specified in a configuration
file of the laboratory infrastructure in order to create a configuration file for the honeypot
tool T-POT [29] with the information obtained from the scans. The tool is started with
the customised configuration and collects attack data.
The data obtained is analysed and the infrastructures are compared with each other
to test the effectiveness of the solution. Although there is still room for improvement,
the tool developed meets the basic requirements set for this thesis and some interesting
insights can be gained. The results of the evaluation and the information gathered about
the various honeypot tools can be very helpful for future work.
| Date of Award | 2025 |
|---|---|
| Original language | German (Austria) |
| Supervisor | Markus Zeilinger (Supervisor) |
Studyprogram
- Secure Information Systems