Litcius/Paper detail

Gotham Testbed: A Reproducible IoT Testbed for Security Experiments and Dataset Generation

Xabier Sáez-de-Cámara, José Luis Flores, Cristóbal Arellano, Aitor Urbieta, Urko Zurutuza

2023IEEE Transactions on Dependable and Secure Computing29 citationsDOIOpen Access PDF

Abstract

The growing adoption of the Internet of Things (IoT) has brought a significant increase in attacks targeting those devices. Machine learning (ML) methods have shown promising results for intrusion detection; however, the scarcity of IoT datasets remains a limiting factor in developing ML-based security systems for IoT scenarios. Static datasets get outdated due to evolving IoT architectures and threat landscape; meanwhile, the testbeds used to generate them are rarely published. This paper presents the Gotham testbed, a reproducible and flexible security testbed extendable to accommodate new emulated devices, services or attackers. Gotham is used to build an IoT scenario composed of 100 emulated devices communicating via MQTT, CoAP and RTSP protocols, among others, in a topology composed of 30 switches and 10 routers. The scenario presents three threat actors, including the entire Mirai botnet lifecycle and additional red-teaming tools performing DoS, scanning, and attacks targeting IoT protocols. The testbed has many purposes, including a cyber range, testing security solutions, and capturing network and application data to generate datasets. We hope that researchers can leverage and adapt Gotham to include other devices, state-of-the-art attacks and topologies to share scenarios and datasets that reflect the current IoT settings and threat landscape.

Topics & Concepts

TestbedComputer scienceBotnetIntrusion detection systemComputer securityNetwork topologyMQTTLeverage (statistics)Internet of ThingsComputer networkThe InternetArtificial intelligenceWorld Wide WebNetwork Security and Intrusion DetectionAdvanced Malware Detection TechniquesSoftware-Defined Networks and 5G