Scalable VPN-forwarded Honeypots: Dataset and Threat Intelligence Insights

Sixth Annual Industrial Control System Security (ICSS) Workshop (2020)

Citations: 4 | Views: 0
Abstract
After the distributed denial-of-service attacks by the Mirai malware in 2016, large-scale attacks exploiting IoT devices raise significant security concerns for the stakeholders involved. The efficacy of setting up honeypots to survey the threat landscape and for early detection of threats to IoT devices is evident. However, the availability of datasets collected by these IoT honeypots to advance research on IoT security has been scarce and limited. With this paper, we contribute a network traffic dataset collected by high-interaction IoT honeypots deployed in the wild for 1.5 years during 2017-2018. The honeypots are manifested on 40 public IP addresses in the wild while forwarding the traffic to 11 real IoT devices. Using the Zeek tool, the dataset is generated in JSON format from 258,871 PCAP files, resulting in more than 81.5 million logs. To foster further research, the attacks, exploitation and intrusion attempts present in the dataset, as well as threat intelligence insights, are provided with the aid of an open-source threat-hunting and security monitoring platform.