Malware on IoT
A project to analyze and gather malware attacks on iot devices
The Aposemat project is a join project with Avast Software company to create, publish and analyze malware attacks on IoT devices. The project started on February 2018.
The goals of the project are to:
Create a laboratory of IoT devices ready to be infected and attacked
Obtain and use real IoT malware to infect the devices and store the datasets. Each dataset is at least one week long.
To analyze the behaviors in the network in order to find new attacks, new variants of malware and better understand how the malware evolves.
Help the community be more prepare to protect themselves from IoT malware.
To install and maintain a network of Honeypots of real IoT devices to better study the impact of attacks on real life situations. The list of devices used as honeypots includes Raspberry Pies, NAS storages, different routers, IP cameras, computers for controlling robots, Alexa Echo devices, Philips Hue lamps, etc.
During 2018 we have been capturing more than 600 IoT malware captures and Honeypot captures, we have analyzed dozens of families and we have work on the development of detection algorithms.
Datasets and access
The datasets created in the project will be published from time to time in this webpage. We will link here the resources for you to download.
The analysis of the datasets will be posted as blog entries here in this webpage also.
Attacker IP Prioritization Blacklist for Aposemat
The Attacker IP Prioritization Blacklist, or AIP Blacklist, is a blacklist of IP addresses generated from the attacks made on the honeypots in our IoT lab. It updates everyday at 12:00 based on the data collected from the previous 24 hours. The list is generated by a custom python program that that uses seven characteristics found for each attacking IP to rate them from most dangerous and active to least. The current days blacklist, along with each days blacklist since the program was started can be found with the other published data sets for Aposemat. The exact method used to generate this blacklist will be outlined in a blog entry on this page.
Datasets will be updated and published in Malware on IoT Dataset
Maria Jose Erquiaga