Gotham Testbed: A Reproducible IoT Testbed for Security Experiments and Dataset Generation

Sáez-de-Cámara, Xabier; Zurutuza, Urko

dc.rights.license	Attribution 4.0 International	*
dc.contributor.author	Sáez-de-Cámara, Xabier
dc.contributor.author	Zurutuza, Urko
dc.contributor.other	Flores, José Luis
dc.contributor.other	Arellano, Cristóbal
dc.contributor.other	Urbieta, Aitor
dc.date.accessioned	2023-02-27T16:36:52Z
dc.date.available	2023-02-27T16:36:52Z
dc.date.issued	2023
dc.identifier.issn	1941-0018	en
dc.identifier.other	https://katalogoa.mondragon.edu/janium-bin/janium_login_opac.pl?find&ficha_no=171730	en
dc.identifier.uri	https://hdl.handle.net/20.500.11984/6000
dc.description.abstract	The growing adoption of the Internet of Things (IoT) has brought a significant increase in attacks targeting those devices. Machine learning (ML) methods have shown promising results for intrusion detection; however, the scarcity of IoT datasets remains a limiting factor in developing ML-based security systems for IoT scenarios. Static datasets get outdated due to evolving IoT architectures and threat landscape; meanwhile, the testbeds used to generate them are rarely published. This paper presents the Gotham testbed, a reproducible and flexible security testbed extendable to accommodate new emulated devices, services or attackers. Gotham is used to build an IoT scenario composed of 100 emulated devices communicating via MQTT, CoAP and RTSP protocols, among others, in a topology composed of 30 switches and 10 routers. The scenario presents three threat actors, including the entire Mirai botnet lifecycle and additional red-teaming tools performing DoS, scanning, and attacks targeting IoT protocols. The testbed has many purposes, including a cyber range, testing security solutions, and capturing network and application data to generate datasets. We hope that researchers can leverage and adapt Gotham to include other devices, state-of-the-art attacks and topologies to share scenarios and datasets that reflect the current IoT settings and threat landscape.	en
dc.description.sponsorship	Comisión Europea	es
dc.description.sponsorship	Gobierno de España	es
dc.description.sponsorship	Gobierno Vasco-Eusko Jaurlaritza	es
dc.language.iso	eng	en
dc.publisher	IEEE	en
dc.rights	© 2023 IEEE	en
dc.rights.uri	http://creativecommons.org/licenses/by/4.0/	*
dc.subject	Internet of Things	en
dc.subject	Botnet	en
dc.subject	Protocols	en
dc.subject	security	en
dc.subject	malware	en
dc.subject	Servers	en
dc.subject	Sensors	en
dc.subject	emulation	en
dc.subject	machine learning	en
dc.subject	network security	en
dc.subject	testbed	en
dc.title	Gotham Testbed: A Reproducible IoT Testbed for Security Experiments and Dataset Generation	en
dcterms.accessRights	http://purl.org/coar/access_right/c_abf2	en
dcterms.source	IEEE Transactions on Dependable and Secure Computing	en
local.contributor.group	Análisis de datos y ciberseguridad	es
local.description.peerreviewed	true	en
local.identifier.doi	https://doi.org/10.1109/TDSC.2023.3247166	en
local.relation.projectID	info:eu-repo/grantAgreement/EC/H2020/No 101021911/EU/A Cognitive Detection System for Cybersecure Operational/IDUNN	en
local.relation.projectID	info:eu-repo/grantAgreement/GE/Ayudas Cervera para Centros Tecnológicos CDTI 2019/CER-20191012/ES/Red de Excelencia en Tecnologías de Seguridad y Privacidad/EGIDA	en
local.relation.projectID	info:eu-repo/grantAgreement/GV/Elkartek 2021/KK-2021-00091/CAPV/REal tiME control and embeddeD securitY/REMEDY	en
local.relation.projectID	info:eu-repo/grantAgreement/GV/Ikertalde Convocatoria 2022-2025/IT1676-22/CAPV/Grupo de sistemas inteligentes para sistemas industriales/	en
local.contributor.otherinstitution	https://ror.org/03hp1m080	es
oaire.format.mimetype	application/pdf
oaire.file	$DSPACE\assetstore
oaire.resourceType	http://purl.org/coar/resource_type/c_6501	en
oaire.version	http://purl.org/coar/version/c_ab4af688f83e57aa	en