Together with Avast, we aim to protect IoT devices by analyzing, executing, and detecting attacks and malware. The project leverages real IoT devices that are infected and attacked constantly, including routers, Raspberry Pis, Alexa and other devices.
The Aposemat project is a joint project of Stratosphere Lab (AIC) and Avast Software to create, publish and analyze malware attacks on IoT devices. The project started in February 2018. During that year the researchers captured more than 600 IoT malware captures and honeypot captures, analyzed dozens of families and worked on the development of detection algorithms.
Goals of the project
- Create a laboratory of IoT devices ready to be infected and attacked.
- Obtain and use real IoT malware to infect the devices and store the datasets. Each dataset is at least one week long (all datasets can be found on the Aposemat website).
- Analyze the behaviors in the network in order to find new attacks, new variants of malware and better understand how the malware evolves.
- Help the community be better prepared to protect itself from IoT malware.
- Install and maintain a network of honeypots of real IoT devices to better study the impact of attacks in real-life situations. The list of devices used as honeypots includes Raspberry Pis, NAS storage devices, different routers, IP cameras, computers for controlling robots, Alexa Echo devices, Philips Hue lamps, etc.
From the attacks made on the honeypots in the IoT lab, a blacklist of IP addresses was generated, called the Attacker IP Prioritization Blacklist, or AIP Blacklist. It updates every day at 12:00 based on the data collected from the previous 24 hours. The list is generated by a custom Python program that uses seven characteristics found for each attacking IP to rate them from the most dangerous and active to the least. The current day's blacklist, along with each day's blacklist since the program was started, can be found with the other published datasets for Aposemat.