The honeyfarm/AIDE platform is designed to attract attacks from bot-nets, rather than sophisticated humans. These attacks are typically associated with IoT and IIoT devices.
A global network of honeyfarms act as decoys that lure the attacker in enabling techniques and progress to be assessed and then defended against in the real live environment.
GCA have developed a technology known as ProxyPot* which emulates the physical device which is housed in a controlled environment. ProxyPot hashes the user requests and intelligently distributes it to the actual IoT device. The IoT attacker will be interacting with the physical IoT device enabling the attack methodology to be monitored and defense strategies deployed.|
*ProxyPot essentially acts as a reverse proxy between the internet and a cluster of IoT devices. ProxyPot itself is written in C++. GCA have also packaged the ProxyPot application into a small Docker container so can run on any operating system with Docker installed. By storing a list of devices within a database with their local IP addresses, ProxyPot can dynamically proxy public internet traffic through to one of the devices (if multiple devices share the same port then ProxyPot will hash the request and serve the same device to the same visitor). A technical overview on ProxyPot is available on request.
GCA works with IoT device manufacturers, smart cities and researchers to develop custom-made ProxyPot platforms. To contribute to this valuable work please contact us via the contact us form.
The attack data is aggregated into a common analysis platform that can be used by companies, academia, nonprofits and other entities to study IoT attack signatures, patterns and changes. Access to this platform is determined on a use case basis.
A publicly available daily data feeds can be downloaded from the AIDE home page. The feeds are Malware Hashes, URLs, IPs, Target Ports Attack Count, Distribution of Attacks by Country and Top Commands Executed.
To get in touch if you would like to contribute to the project:
