Date of Award


Document Type


Degree Name

Master of Science in Cyber Operations


Department of Electrical and Computer Engineering

First Advisor

Barry E. Mullins, PhD


The Internet of Things (IoT) is growing at an alarming rate. It is estimated that there will be over 25 billion IoT devices by 2020. The simplicity of their function usually means that IoT devices have low processing power, which prevent them from having intricate security features, leading to vulnerabilities. This makes IoT devices the prime target of attackers in the coming years. Honeypots are intentionally vulnerable machines that run programs which appear as a vulnerable device to a would-be attacker. They are placed on a network to entice and trap an attacker and then gather information on them, including place of origin and method of attack. Due to their prevalence and propensity for having vulnerabilities, IoT devices are a perfect candidate for honeypots placed on a network. Honeyd is popular open-source software written by Niels Provos that creates lowinteraction virtual honeypots. It is able to simulate everything at the network level, allow the user to create various Transmission Control Protocol (TCP) and User Datagram Protocol (UDP) services, and allow Operating System (OS) simulation for scanning tools such as Nmap. This research seeks to determine if Honeyd is capable of producing convincing IoT honeypots. Three IoT devices: a TITAThink camera, a Proliphix thermostat, and an ezOutlet2 power outlet, had their Hypertext-Transfer Protocol (HTTP) services simulated through Python scripts and integrated with Honeyd to create three IoT honeypots. These honeypots were then compared to the actual devices to determine how similar they were. The devices and honeypots are both queried in the exact same manner and have their response times, code, headers, and Nmap scan results compared to see how they differ.

AFIT Designator


DTIC Accession Number