The number of Internet of Things devices, small low-powered devices with internet connectivity, is undergoing strong growth. As connected devices become the standard, more types of devices are connected to home networks and made accessible from the Internet for convenience. As IoT devices are widely deployed in mass numbers, they can be easily exploited once a vulnerability has been published. Many of these devices will never be updated and remain vulnerable for their entire lifespan. This has lead to the rise of IoT botnets, focusing specifically on low-powered devices connected to the Internet. Well known attacks such as those on Krebs on Security and Dyn show that IoT botnets are a serious threat to be reckoned with.

We introduce Honeytrack, a persistent scalable virtual high-interaction honeypot for the Internet of Things. Honeytrack aims to solve the limitations of the current available honeypots by providing the means to analyse adversaries in large networks. By using isolated containers for the high-interaction module, it allows for saving state for each adversary. In addition to that, the data collected by
Honeytrack allows for an in-depth analysis of every phase of an attack, going beyond the traditional malware-sample based research. By saving machine state, and binding this state to a certain attacker, we can serve attackers their “own” previously attacked honeypot, serving a large number of parallel adversaries at a time and allowing research into follow-up attacks.