AIDE – Frequently Asked Questions

What is the honeyfarm/AIDE platform designed for and how does AIDE work?

The honeyfarm/AIDE platform is designed to attract attacks from botnets, rather than sophisticated humans. These attacks are typically associated with IoT and IIoT devices.
A global network of honeyfarms acts as a set of decoys that lure attackers in, enabling their techniques and progress to be assessed and then defended against in the real live environment.

If a device is added to the honeyfarm, how is its behaviour randomized so that it does not look like a singular device but multiple autonomous devices across the globe?

GCA have developed a technology known as ProxyPot* which emulates the physical device, which is housed in a controlled environment. ProxyPot hashes the user requests and intelligently distributes them to the actual IoT device. The IoT attacker will be interacting with the physical IoT device, enabling the attack methodology to be monitored and defense strategies deployed.
*ProxyPot essentially acts as a reverse proxy between the internet and a cluster of IoT devices. ProxyPot itself is written in C++. GCA have also packaged the ProxyPot application into a small Docker container so it can run on any operating system with Docker installed. By storing a list of devices within a database with their local IP addresses, ProxyPot can dynamically proxy public internet traffic through to one of the devices (if multiple devices share the same port then ProxyPot will hash the request and serve the same device to the same visitor). A technical overview on ProxyPot is available on request.
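
The "same device to the same visitor" behaviour described above can be illustrated with the following added example, which is not ProxyPot's code. It assumes the visitor's source IP is the hash key and uses FNV-1a with rendezvous (highest-random-weight) selection; the Device fields, function names and addresses are constructed for the illustration.

```cpp
#include <cstdint>
#include <iostream>
#include <string>
#include <vector>

// Constructed device record: the page says devices are stored with their
// local IP addresses; the field names here are assumptions.
struct Device {
    std::string local_ip;
    uint16_t port;
};

// 64-bit FNV-1a, chosen for this example (not taken from ProxyPot).
static uint64_t fnv1a(const std::string& s) {
    uint64_t h = 14695981039346656037ULL;
    for (unsigned char c : s) {
        h ^= c;
        h *= 1099511628211ULL;
    }
    return h;
}

// Rendezvous selection: score every device listening on the requested port
// against the visitor address and keep the highest score. A visitor always
// lands on the same device, and removing a device only moves the visitors
// that were pinned to it. Returns nullptr when no device serves the port.
const Device* pick_device(const std::vector<Device>& devices,
                          const std::string& visitor_ip, uint16_t port) {
    const Device* best = nullptr;
    uint64_t best_score = 0;
    for (const Device& d : devices) {
        if (d.port != port) continue;
        uint64_t score = fnv1a(visitor_ip + "|" + d.local_ip);
        // Ties are broken on the device address so the result is stable.
        if (!best || score > best_score ||
            (score == best_score && d.local_ip < best->local_ip)) {
            best = &d;
            best_score = score;
        }
    }
    return best;
}

int main() {
    // Constructed farm: three devices share port 23, one serves port 80.
    std::vector<Device> farm = {{"10.0.0.11", 23}, {"10.0.0.12", 23},
                                {"10.0.0.13", 23}, {"10.0.0.21", 80}};
    const Device* d = pick_device(farm, "203.0.113.7", 23);
    std::cout << (d ? d->local_ip : "no device") << "\n";
    return 0;
}
```

Keeping each visitor pinned to one device means the state an attacker leaves on that device (dropped files, changed credentials) is still there on reconnect, so the decoy stays consistent across a multi-stage attack.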

What is the high level architecture behind the honeyfarm?

How do I contribute a device to ProxyPot?

GCA works with IoT device manufacturers, smart cities and researchers to develop custom-made ProxyPot platforms. To contribute to this valuable work please contact us via the contact us form.

How do I gain access to the platform?

The attack data is aggregated into a common analysis platform that can be used by companies, academia, nonprofits and other entities to study IoT attack signatures, patterns and changes. Access to this platform is determined on a use case basis.
Publicly available daily data feeds can be downloaded from the AIDE home page. The feeds are Malware Hashes, URLs, IPs, Target Ports Attack Count, Distribution of Attacks by Country and Top Commands Executed.

To get in touch if you would like to contribute to the project: