Date of Award

3-26-2020

Document Type

Thesis

Degree Name

Master of Science in Computer Science

Department

Department of Electrical and Computer Engineering

First Advisor

Barry E. Mullins, PhD

Abstract

Exploding over the past decade, the number of Internet of Things (IoT) devices connected to the Internet jumped from 3.8 billion in 2015 to 17.8 billion in 2018. Because so many IoT devices remain unpatched, unmonitored, and left on, they have become a tantalizing target for attackers to gain network access or add another device to their botnet. HoneyHive is a framework that uses distributed IoT honeypots as Network Intrusion Detection System (NIDS) sensors that beacon back to a centralized Command and Control (C2) server. The tests in this experiment involve four types of scans and four levels of active honeypots against the HoneyHive framework and a traditional NIDS on the simulated test network. This research successfully created a framework of distributed network intrusion detection IoT honeypot sensors that capture traffic, create alerts, and beacon back to a central C2 server. The HoneyHive framework successfully detected intrusions that a traditional NIDS cannot, through the use of distributed IoT honeypot sensors and packet capture aggregation.

AFIT Designator

AFIT-ENG-MS-20-M-038
