HoneyCam: Scalable High-Interaction Honeypot for IoT Cameras Based on 360-Degree Video

While IoT cameras have been widely deployed as part of many commercial and residential systems, there exist many threats to IoT camera-based systems due to their inherent vulnerabilities. An effective way to improve the security of IoT cameras is by deploying honeypots, which can be leveraged to engage and deceive the attackers. However, it is challenging to build a camera honeypot that realistically emulates an IoT camera. The camera honeypot not only needs to provide what appears to be a live video stream, but also react to camera control commands (e.g, zoom in/out, tilting, etc.) faithfully and with the expected latency. Existing systems use either real IoT cameras as the source of video streams, which incurs high setup cost and limited scalability because it requires a camera for every honeypot, or plays pre-recorded videos, which do not engage attackers because they do not allow interactions. To address these problems, this paper focuses on the design and evaluation of a scalable high-interaction IoT camera honeypot, called HoneyCam. To emulate IoT cameras, we prerecord $\boldsymbol{360}^{\mathrm{o}}$ video, and propose techniques to map the $\boldsymbol{360}^{\mathrm{o}}$ video to different fields of view based on the attacker's camera control commands. We evaluate the effectiveness and robustness of HoneyCam by deploying the system on the public Internet. Evaluation results show that HoneyCam can achieve a similar level of deception as those using real IoT cameras, but with better scalability and lower deployment cost. Moreover, it is covert against widely used reconnaissance and honeypot detection tools.