Javier Carrillo-Mondejar Javier Carrillo-Mondejar,José Roldán-Gómez Javier Carrillo-Mondejar,Juan Manuel Castelo Gómez José Roldán-Gómez,Sergio Ruiz Villafranca Juan Manuel Castelo Gómez,Guillermo Suarez-Tangil Sergio Ruiz Villafranca

DOI: https://doi.org/10.53106/160792642024012501010

2024-01-01

網際網路技術學刊

Abstract:Since the inception of the Internet of Things (IoT), the security measures implemented on its devices have been too weak to ensure the appropriate protection of the data that they handle. Appealed by this, cybercriminals continuously seek out for vulnerable units to control, leading to attacks spreading through networks and infecting a high number of devices. On top of that, while the IoT has evolved to provide a higher degree of security, the techniques used by attackers have done so as well, which has led to the need of continuously studying the way in which these attacks are performed to gather significant knowledge for the development of the pertinent security measures. In view of this, we analyze the state of IoT attacks by developing a high-interaction honeypot for SSH and Telnet services that simulates a custom device with the ARM architecture. This study is carried out in two steps. Firstly, we analyze and classify the interaction between the attacker and the devices by clustering the commands that they sent in the compromised Telnet and SSH sessions. Secondly, we study the malware samples that are downloaded and executed in each session and classify them based on the sequence of system calls that they execute at runtime. In addition, apart from studying the active data generated by the attacker, we extract the information that is left behind after a connection with the honeypot by inspecting the metadata associated with it. In total, more than 1,578 malicious samples were collected after 9,926 unique IP addresses interacted with the system, with the most downloaded malware family being Hajime, with 70.5% of samples belonging to it, and also detecting others such as Mirai, Gafgyt, Dofloo and Xorddos.  

computer science, information systems,telecommunications

Yiwen Xu,Yu Jiang,Lu Yu,Juan Li

DOI: https://doi.org/10.1109/rtas52030.2021.00045

2021-01-01

Abstract:Constantly increasing botnets powered by vulnerable IoT devices perform record-breaking DDoS attacks to critical infrastructures. Therefore, it is imperative to find vulnerabilities in IoT devices ahead of attackers. In this paper, we first present a systematic analysis on various kinds of IoT malware to further explore the challenges of IoT Honeypot design. We then propose HoneyIoT, a scalable IoT Honeypot framework, which aims at attracting IoT attacks and recording malicious behaviors with configurable vulnerabilities and firmware support. During a 7day real-world industrial experiment, HoneyIoT observed over 12,500 malicious connections and 3,423 distinct login attempts.

Weizhe Zhang,Bin Zhang,Ying Zhou,Hui He,Zeyu Ding

DOI: https://doi.org/10.1109/jiot.2019.2956173

IF: 10.6

2020-05-01

IEEE Internet of Things Journal

Abstract:Internet of Things (IoT) devices are vulnerable against attacks because of their limited network resources and complex operating systems. Thus, a honeypot is a good method of capturing malicious requests and collecting malicious samples but is rarely used on the IoT. Accordingly, this article implements three kinds of honeypots to capture malicious behaviors. First, on the basis of the CVE-2017–17215 vulnerability, we implement a medium-high interaction honeypot that can simulate a specific series of router UPnP services. It has functions, such as service simulation, log recording, malicious sample download, and service self-check. Second, given the limited details available for the simulated UPnP service and to help the honeypot respond to unrecognizable malicious requests, we use the actual IoT device firmware that matches the vulnerability to build a high-interaction honeypot. In addition, we investigate the most exposed SOAP service ports and design corresponding multiport honeypot to improve the capacity of the honeynet, providing a hybrid service from a real device and simulating honeypots. The Docker in the honeynet, which reduces the volume of the honeypot and realizes the rapid deployment of the honeynet, encapsulates all these honeypots. Moreover, the honeynet control center is simultaneously designed to distribute commands and transfer files to each physical node in the honeynet. We implemented the proposed honeynet system and deployed it in practice. We have successfully caught many unknown malicious attacks excluded in the VT, which proved the effectiveness of the proposed framework.

computer science, information systems,telecommunications,engineering, electrical & electronic

Armin Ziaie Tabari,Xinming Ou,Anoop Singhal

DOI: https://doi.org/10.48550/arXiv.2112.10974

2021-12-21

Abstract:The growing number of Internet of Things (IoT) devices makes it imperative to be aware of the real-world threats they face in terms of cybersecurity. While honeypots have been historically used as decoy devices to help researchers/organizations gain a better understanding of the dynamic of threats on a network and their impact, IoT devices pose a unique challenge for this purpose due to the variety of devices and their physical connections. In this work, by observing real-world attackers' behavior in a low-interaction honeypot ecosystem, we (1) presented a new approach to creating a multi-phased, multi-faceted honeypot ecosystem, which gradually increases the sophistication of honeypots' interactions with adversaries, (2) designed and developed a low-interaction honeypot for cameras that allowed researchers to gain a deeper understanding of what attackers are targeting, and (3) devised an innovative data analytics method to identify the goals of adversaries. Our honeypots have been active for over three years. We were able to collect increasingly sophisticated attack data in each phase. Furthermore, our data analytics points to the fact that the vast majority of attack activities captured in the honeypots share significant similarity, and can be clustered and grouped to better understand the goals, patterns, and trends of IoT attacks in the wild.

Cryptography and Security,Machine Learning

Armin Ziaie Tabari,Xinming Ou

DOI: https://doi.org/10.48550/arXiv.2003.01218

2020-03-03

Abstract:With the rapid growth of Internet of Things (IoT) devices, it is imperative to proactively understand the real-world cybersecurity threats posed to them. This paper describes our initial efforts towards building a honeypot ecosystem as a means to gathering and analyzing real attack data against IoT devices. A primary condition for a honeypot to yield useful insights is to let attackers believe they are real systems used by humans and organizations. IoT devices pose unique challenges in this respect, due to the large variety of device types and the physical-connectedness nature. We thus create a multiphased approach in building a honeypot ecosystem, where researchers can gradually increase a low-interaction honeypot's sophistication in emulating an IoT device by observing real-world attackers' behaviors. We deployed honeypots both on-premise and in the cloud, with associated analysis and vetting infrastructures to ensure these honeypots cannot be easily identified as such and appear to be real systems. In doing so we were able to attract increasingly sophisticated attack data. We present the design of this honeypot ecosystem and our observation on the attack data so far. Our data shows that real-world attackers are explicitly going after IoT devices, and some captured activities seem to involve direct human interaction (as opposed to scripted automatic activities). We also build a low interaction honeypot for IoT cameras, called Honeycamera, that present to attackers seemingly real videos. This is our first step towards building a more comprehensive honeypot ecosystem that will allow researchers to gain concrete understanding of what attackers are going after on IoT devices, so as to more proactively protect them.

Cryptography and Security

Irini Lygerou,Shreyas Srinivasa,Emmanouil Vasilomanolakis,George Stergiopoulos,Dimitris Gritzalis

DOI: https://doi.org/10.1007/s10207-022-00605-7

2022-08-08

International Journal of Information Security

Abstract:The exponential growth of internet connected devices in this past year has led to a significant increase in IoT targeted attacks. The lack of proper integration of security in IoT development life cycle along with a plethora of different protocols (e.g., Zigbee, LoRa, MQTT, etc.) have greatly impacted the resilience of such devices against cyber-attacks, a fact also exacerbated by the size and physical hardware structure of these devices. Thus, it is imperative to develop effective and efficient countermeasures that can also be applied post-production to help build resilience in modern IoT systems. Honeypots are prime example of this notion. Being designed to act as vulnerable computer components or systems, they provide useful intelligence regarding potential attackers. Nevertheless, honeypots have seen little use in protection IoT systems and their underlying protocols, especially in cases where honeypots can leverage the decentralized nature of IoT. In this research, we enhance the HosTaGe honeypot to build an IoT protocol honeypot that runs over mobile devices. The purpose of this paper is to introduce a honeypot specifically for IoT communication protocols over public networks that is easy-to-use and utilizes Android devices. The protocol honeypot utilizes the cellular network to establish decentralized, simulated infrastructures of IoT systems over different types of IoT network protocols. We test four IoT network implementations, one for each of the newly implemented MQTT, CoAP and AMQP protocols. Additionally, we upgrade existing Telnet and SSH protocols used in IoT systems to work over the simulated mobile honeypot. We use the virtualized honeypot networks to capture log, and analyze real-world public attacks on these protocols from the internet and provide an interface for interaction with the implemented honeypot.

computer science, information systems, theory & methods, software engineering

Valentino Crespi,Wes Hardaker,Sami Abu-El-Haija,Aram Galstyan

DOI: https://doi.org/10.48550/arXiv.2104.10232

2021-04-21

Abstract:Computer security has been plagued by increasing formidable, dynamic, hard-to-detect, hard-to-predict, and hard-to-characterize hacking techniques. Such techniques are very often deployed in self-propagating worms capable of automatically infecting vulnerable computer systems and then building large bot networks, which are then used to launch coordinated attacks on designated targets. In this work, we investigate novel applications of Natural Language Processing (NLP) methods to detect and correlate botnet behaviors through the analysis of honeypot data. In our approach we take observed behaviors in shell commands issued by intruders during captured internet sessions and reduce them to collections of stochastic processes that are, in turn, processed with machine learning techniques to build classifiers and predictors. Our technique results in a new ability to cluster botnet source IP address even in the face of their desire to obfuscate their penetration attempts through rapid or random permutation techniques.

Cryptography and Security

Volviane Saphir Mfogo,Alain Zemkoho,Laurent Njilla,Marcellin Nkenlifack,Charles Kamhoua

DOI: https://doi.org/10.48550/arXiv.2303.12367

2023-03-22

Abstract:The proliferation of the Internet of Things (IoT) has raised concerns about the security of connected devices. There is a need to develop suitable and cost-efficient methods to identify vulnerabilities in IoT devices in order to address them before attackers seize opportunities to compromise them. The deception technique is a prominent approach to improving the security posture of IoT systems. Honeypot is a popular deception technique that mimics interaction in real fashion and encourages unauthorised users (attackers) to launch attacks. Due to the large number and the heterogeneity of IoT devices, manually crafting the low and high-interaction honeypots is not affordable. This has forced researchers to seek innovative ways to build honeypots for IoT devices. In this paper, we propose a honeypot for IoT devices that uses machine learning techniques to learn and interact with attackers automatically. The evaluation of the proposed model indicates that our system can improve the session length with attackers and capture more attacks on the IoT network.

Cryptography and Security,Machine Learning,Optimization and Control

Chongqi Guan,Heting Liu,Guohong Cao,Sencun Zhu,Thomas La Porta

DOI: https://doi.org/10.48550/arXiv.2305.06430

2023-05-10

Cryptography and Security

Abstract:As IoT devices are becoming widely deployed, there exist many threats to IoT-based systems due to their inherent vulnerabilities. One effective approach to improving IoT security is to deploy IoT honeypot systems, which can collect attack information and reveal the methods and strategies used by attackers. However, building high-interaction IoT honeypots is challenging due to the heterogeneity of IoT devices. Vulnerabilities in IoT devices typically depend on specific device types or firmware versions, which encourages attackers to perform pre-attack checks to gather device information before launching attacks. Moreover, conventional honeypots are easily detected because their replying logic differs from that of the IoT devices they try to mimic. To address these problems, we develop an adaptive high-interaction honeypot for IoT devices, called HoneyIoT. We first build a real device based attack trace collection system to learn how attackers interact with IoT devices. We then model the attack behavior through markov decision process and leverage reinforcement learning techniques to learn the best responses to engage attackers based on the attack trace. We also use differential analysis techniques to mutate response values in some fields to generate high-fidelity responses. HoneyIoT has been deployed on the public Internet. Experimental results show that HoneyIoT can effectively bypass the pre-attack checks and mislead the attackers into uploading malware. Furthermore, HoneyIoT is covert against widely used reconnaissance and honeypot detection tools.

Javier Franco,Ahmet Aris,Berk Canberk,A. Selcuk Uluagac

DOI: https://doi.org/10.48550/arXiv.2108.02287

2021-08-04

Cryptography and Security

Abstract:The Internet of Things (IoT), the Industrial Internet of Things (IIoT), and Cyber-Physical Systems (CPS) have become essential for our daily lives in contexts such as our homes, buildings, cities, health, transportation, manufacturing, infrastructure, and agriculture. However, they have become popular targets of attacks, due to their inherent limitations which create vulnerabilities. Honeypots and honeynets can prove essential to understand and defend against attacks on IoT, IIoT, and CPS environments by attracting attackers and deceiving them into thinking that they have gained access to the real systems. Honeypots and honeynets can complement other security solutions (i.e., firewalls, Intrusion Detection Systems - IDS) to form a strong defense against malicious entities. This paper provides a comprehensive survey of the research that has been carried out on honeypots and honeynets for IoT, IIoT, and CPS. It provides a taxonomy and extensive analysis of the existing honeypots and honeynets, states key design factors for the state-of-the-art honeypot/honeynet research and outlines open issues for future honeypots and honeynets for IoT, IIoT, and CPS environments.

Abdelaziz Amara korba,Aleddine Diaf,Yacine Ghamri-Doudane

2024-07-22

Abstract:In the rapidly evolving landscape of cyber threats targeting the Internet of Things (IoT) ecosystem, and in light of the surge in botnet-driven Distributed Denial of Service (DDoS) and brute force attacks, this study focuses on the early detection of IoT bots. It specifically addresses the detection of stealth bot communication that precedes and orchestrates attacks. This study proposes a comprehensive methodology for analyzing IoT network traffic, including considerations for both unidirectional and bidirectional flow, as well as packet formats. It explores a wide spectrum of network features critical for representing network traffic and characterizing benign IoT traffic patterns effectively. Moreover, it delves into the modeling of traffic using various semi-supervised learning techniques. Through extensive experimentation with the IoT-23 dataset - a comprehensive collection featuring diverse botnet types and traffic scenarios - we have demonstrated the feasibility of detecting botnet traffic corresponding to different operations and types of bots, specifically focusing on stealth command and control (C2) communications. The results obtained have demonstrated the feasibility of identifying C2 communication with a 100% success rate through packet-based methods and 94% via flow based approaches, with a false positive rate of 1.53%.

Cryptography and Security,Artificial Intelligence

Fan Dang,Zhenhua Li,Yunhao Liu,Ennan Zhai,Qi Alfred Chen,Tianyin Xu,Yan Chen,Jingyu Yang

DOI: https://doi.org/10.1145/3307334.3326083

2019-06-12

Abstract:With the wide adoption, Linux-based IoT devices have emerged as one primary target of today's cyber attacks. Traditional malware-based attacks can quickly spread across these devices, but they are well-understood threats with effective defense techniques such as malware fingerprinting and community-based fingerprint sharing. Recently, fileless attacks---attacks that do not rely on malware files---have been increasing on Linux-based IoT devices, and posing significant threats to the security and privacy of IoT systems. Little has been known in terms of their characteristics and attack vectors, which hinders research and development efforts to defend against them. In this paper, we present our endeavor in understanding fileless attacks on Linux-based IoT devices in the wild. Over a span of twelve months, we deploy 4 hardware IoT honeypots and 108 specially designed software IoT honeypots, and successfully attract a wide variety of real-world IoT attacks. We present our measurement study on these attacks, with a focus on fileless attacks, including the prevalence, exploits, environments, and impacts. Our study further leads to multi-fold insights towards actionable defense strategies that can be adopted by IoT vendors and end users.

Ashley Woodiss-Field,Michael N. Johnstone,Paul Haskell-Dowland

DOI: https://doi.org/10.3390/s24031027

IF: 3.9

2024-02-06

Sensors

Abstract:A botnet is a collection of Internet-connected computers that have been suborned and are controlled externally for malicious purposes. Concomitant with the growth of the Internet of Things (IoT), botnets have been expanding to use IoT devices as their attack vectors. IoT devices utilise specific protocols and network topologies distinct from conventional computers that may render detection techniques ineffective on compromised IoT devices. This paper describes experiments involving the acquisition of several traditional botnet detection techniques, BotMiner, BotProbe, and BotHunter, to evaluate their capabilities when applied to IoT-based botnets. Multiple simulation environments, using internally developed network traffic generation software, were created to test these techniques on traditional and IoT-based networks, with multiple scenarios differentiated by the total number of hosts, the total number of infected hosts, the botnet command and control (CnC) type, and the presence of aberrant activity. Externally acquired datasets were also used to further test and validate the capabilities of each botnet detection technique. The results indicated, contrary to expectations, that BotMiner and BotProbe were able to detect IoT-based botnets—though they exhibited certain limitations specific to their operation. The results show that traditional botnet detection techniques are capable of detecting IoT-based botnets and that the different techniques may offer capabilities that complement one another.

engineering, electrical & electronic,chemistry, analytical,instruments & instrumentation

Zhenhua Li,Yafei Dai,Guihai Chen,Yunhao Liu

DOI: https://doi.org/10.1007/978-981-19-6982-9_9

2023-01-01

Abstract:With the wide adoption, Linux-based IoT devices have emerged as one primary target of todays cyber-attacks. Traditional malware-based attacks can quickly spread across these devices, but they are well-understood threats with effective defense techniques such as malware fingerprinting and community-based fingerprint sharing. Recently, fileless attacksattacks that do not rely on malware fileshave been increasing on Linux-based IoT devices and posing significant threats to the security and privacy of IoT systems. Little has been known in terms of their characteristics and attack vectors, which hinders research and development efforts to defend against them. In this chapter, we present our endeavor in understanding fileless attacks on Linux-based IoT devices in the wild. Over a span of twelve months, we deploy 4 hardware IoT honeypots and 108 specially designed software IoT honeypots and successfully attract a wide variety of real-world IoT attacks. We present our measurement study on these attacks, with a focus on fileless attacks, including the prevalence, exploits, environments, and impacts. Our study further leads to multifold insights toward actionable defense strategies that can be adopted by IoT vendors and end users.

Zijing Yin,Yiwen Xu,Chijin Zhou,Yu Jiang

DOI: https://doi.org/10.1145/3551349.3556901

2022-01-01

Abstract:IoT devices have been under frequent attacks in recent years, causing severe impacts. Previous research has shown the evolution and features of some specific IoT malware families or stages of IoT attacks through offline sample analysis. However, we still lack a systematic observation of various system resources abused by active attackers and the malicious intentions behind these behaviors. This makes it difficult to design appropriate protection strategies to defend against existing attacks and possible future variants. In this paper, we fill this gap by analyzing 117,862 valid attack sessions captured by our dedicated high-interaction IoT honeypot, HoneyAsclepius, and further discover the intentions in our designed workflow. HoneyAsclepius enables high capture capability as well as continuous behavior monitoring during active attack sessions in real-time. Through a large-scale deployment, we collected 11,301,239 malicious behaviors originating from 50,594 different attackers. Based on this information, we further separate the behaviors in different attack sessions targeting distinct categories of system resources, estimate the temporal relations and summarize their malicious intentions behind. Inspired by such investigations, we present several key insights about abusive behaviors of the file, network, process, and special capability resources, and further propose practical defense strategies to better protect IoT devices.

S. Kumar,R. Sehgal,P. Singh,Ankit Chaudhary

DOI: https://doi.org/10.48550/arXiv.1303.3071

2013-03-13

Abstract:The numbers of the botnet attacks are increasing day by day and the detection of botnet spreading in the network has become very challenging. Bots are having specific characteristics in comparison of normal malware as they are controlled by the remote master server and usually dont show their behavior like normal malware until they dont receive any command from their master server. Most of time bot malware are inactive, hence it is very difficult to detect. Further the detection or tracking of the network of theses bots requires an infrastructure that should be able to collect the data from a diverse range of data sources and correlate the data to bring the bigger picture in view. In this paper, we are sharing our experience of botnet detection in the private network as well as in public zone by deploying the nepenthes honeypots. The automated framework for malware collection using nepenthes and analysis using anti-virus scan are discussed. The experimental results of botnet detection by enabling nepenthes honeypots in network are shown. Also we saw that existing known bots in our network can be detected.

Cryptography and Security

Zhichun Li,Anup Goyal,Yan Chen,Vern Paxson

DOI: https://doi.org/10.1145/1533057.1533063

2009-01-01

Abstract:Botnets dominate today's attack landscape. In this work we investigate ways to analyze collections of malicious probing traffic in order to understand the significance of large-scale "botnet probes". In such events, an entire collection of remote hosts together probes the address space monitored by a sensor in some sort of coordinated fashion. Our goal is to develop methodologies by which sites receiving such probes can infer---using purely local observation---information about the probing activity: What scanning strategies does the probing employ? Is this an attack that specifically targets the site, or is the site only incidentally probed as part of a larger, indiscriminant attack? Our analysis draws upon extensive honeynet data to explore the prevalence of different types of scanning, including properties such as trend, uniformity, coordination, and darknet avoidance. In addition, we design schemes to extrapolate the global properties of scanning events (e.g., total population and target scope) as inferred from the limited local view of a honeynet. Cross-validating with data from DShield shows that our inferences exhibit promising accuracy.

P. Barford,Y. Chen,A. Goyal,Z. Li,V. Paxson,V. Yegneswaran

DOI: https://doi.org/10.1007/978-1-4419-0140-8_5

2010-01-01

Abstract:Effective network security administration depends to a great extent on having accurate, concise, high-quality information about malicious activity in one's network. Honeynets can potentially provide such detailed information, but the volume and diversity of this data can prove overwhelming. We explore ways to integrate honeypot data into daily network security monitoring with a goal of sufficiently classifying and summarizing the data to provide ongoing "situational awareness." We present such a system, built using the Bro network intrusion detection system coupled with statistical analysis of numerous honeynet "events", and discuss experiences drawn from many months of operation. In particular, we develop methodologies by which sites receiving such probes can infer-using purely local observation-in format ion about the probing activity: What scanning strategies does the probing employ? Is this an attack that specifically targets the site, or is the site only incidentally probed as part of a larger, indiscriminant attack? One key aspect of this environment is its ability to provide insight into large-scale events. We look at the problem of accurately classifying botnet sweeps and worm outbreaks, which turns out to be difficult to grapple with due to the high dimensionality of such incidents. Using datasets collected during a number of these events, we explore the utility of several analysis methods, finding that when used together they show good potential for contributing towards effective Situational awareness. Our analysis draws upon extensive honeynet data to explore the prevalence of different types of scanning, including properties, such as trend, uniformity, coordination, and darknet-avoidance. In addition, we design schemes to extrapolate the global properties of scanning events (e.g., total population and target scope) as inferred from the limited local view of a honeynet. Cross-validating with data from DShield shows that such inferences exhibit promising accuracy.

Zain Shamsi,Daniel Zhang,Daehyun Kyoung,Alex Liu

DOI: https://doi.org/10.48550/arXiv.2206.13614

2022-06-28

Abstract:Network honeypots are often used by information security teams to measure the threat landscape in order to secure their networks. With the advancement of honeypot development, today's medium-interaction honeypots provide a way for security teams and researchers to deploy these active defense tools that require little maintenance on a variety of protocols. In this work, we deploy such honeypots on five different protocols on the public Internet and study the intent and sophistication of the attacks we observe. We then use the information gained to develop a clustering approach that identifies correlations in attacker behavior to discover IPs that are highly likely to be controlled by a single operator, illustrating the advantage of using these honeypots for data collection.

Cryptography and Security,Machine Learning,Networking and Internet Architecture

Jinchun Choi,Afsah Anwar,Abdulrahman Alabduljabbar,Hisham Alasmary,Jeffrey Spaulding,An Wang,Songqing Chen,DaeHun Nyang,Amro Awad,David Mohaisen

DOI: https://doi.org/10.1016/j.comnet.2022.108768

IF: 5.493

2022-04-01

Computer Networks

Abstract:The lack of security measures among the Internet of Things (IoT) devices and their persistent online connection gives adversaries a prime opportunity to target them or even abuse them as intermediary targets in larger attacks such as distributed denial-of-service (DDoS) campaigns. In this paper, we analyze IoT malware and focus on the endpoints reachable on the public Internet, that play an essential part in the IoT malware ecosystem. Namely, we analyze endpoints acting as dropzones and their targets to gain insights into the underlying dynamics in this ecosystem, such as the affinity between the dropzones and their target IP addresses, and the different patterns among endpoints. Towards this goal, we reverse-engineer 2423 IoT malware samples and extract strings from them to obtain IP addresses. We further gather information about these endpoints from public Internet-wide scanners, such as Shodan and Censys. Our results, through analysis and visualization expose clear patterns of affinity between sources and targets of attacks, attack exposure by Internet infrastructure, and clear depiction of the ecosystem of IoT malware as a whole, only utilizing static artifacts. Our investigation from four different perspectives provides profound insights into the role of endpoints in IoT malware attacks, which deepens our understanding of IoT malware ecosystems and can assist future defenses.

computer science, information systems,telecommunications,engineering, electrical & electronic, hardware & architecture