Measurements of compromised IoT devices from blackhole and honeypot

The Internet of Things is becoming more and more popular. From surveillance video cameras to internet connected mattresses, manufacturers are rapidly moving into the gap. These devices are an answer to a simple need and, somehow, their cost and energy efficiency must be optimized. Consequently, they are usually build without even considering security and privacy aspects. This work essentially focuses on a particular IoT malware, namely Mirai. First, as a primer, we will review essential theoretical notions ranging from the description of IoT to the complexity of high-interaction honeypots. Then, we will observe network traffic collected from a blackhole. This traffic will present uncommon properties touching the transport layer as well as the network layer of the OSI model. Finally, thanks to our honeypot, we will switch to a more interactive data collection where tendencies and behaviours can be deeply analysed. We will be able to see the evolution of the malware and its different versions, as well as an estimation of the location of infected devices.