HoneyThing: A New Honeypot Design for CPE Devices

Creative Commons License

Erdem O., Pektas A., Kara A.

KSII TRANSACTIONS ON INTERNET AND INFORMATION SYSTEMS, vol.12, no.9, pp.4512-4526, 2018 (Journal Indexed in SCI) identifier identifier

  • Publication Type: Article / Article
  • Volume: 12 Issue: 9
  • Publication Date: 2018
  • Doi Number: 10.3837/tiis.2018.09.021
  • Page Numbers: pp.4512-4526


The Internet of Things (IoT) has become an emerging industry that is broadly used in many fields from industrial and agricultural manufacturing to home automation and hospitality industry. Because of the sheer number of connected devices transmitting valuable data, the IoT infrastructures have become a main target for cyber-criminals. One of the key challenges in protecting IoT devices is the lack of security measures by design. Although there are many hardware and software based security solutions (firewalls, honeypots, IPDS, anti-virus etc.) for information systems, most of these solutions cannot be applied to IoT devices because of the fact that IoT devices have limited computing resources (CPU, RAM,). In this paper, we propose a honeypot system called HoneyThing for modem/router devices (i.e. a kind of IoT device). HoneyThing emulates TR-069 protocol which is prevalent protocol used to remotely manage customer-premises equipment (CPE) devices, e.g. modems, routers. Honeything also serves an embedded web server simulating a few actual, critical vulnerabilities associated with the implementation of TR-069 protocol. To show effectiveness of the HoneyThing in capturing real world attacks, we have deployed it in the Internet. The obtained results are highly promising and facilitate to reveal network attacks targeting to CPE devices.