Disposable Botnets: Long-term Analysis of IoT Botnet Infrastructure

Tanabe, Rui; Watanabe, Tokuji; Fujita, Akira; Isawa, Ryoichi; Gañán, Carlos; Eeten, Michel van; Yoshioka, Katsunari; Matsumoto, Tsutomu

doi:10.2197/ipsjjip.30.577

Cited by 2 publications

(1 citation statement)

References 9 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…For example, a well-known botnet called Mirai was launched in October 2016; infected IoT devices bombarded a victim DNS server with 1.2 Tbps of data [8,9]. Similarly, another IoT botnet called BashLite was used to launch a DDoS attack against the victim servers [10,11]. The BashLite botnet searched for possible credentials among 6 generic usernames and 14 generic passwords.…”

Section: Related Workmentioning

confidence: 99%

A DDoS Detection and Prevention System for IoT Devices and Its Application to Smart Home Environment

et al. 2022

View full text Add to dashboard Cite

The Internet of Things (IoT) has become an integral part of our daily life as it is growing in many fields, such as engineering, e-health, smart homes, smart buildings, agriculture, weather forecasting, etc. However, the growing number of IoT devices and their weak configuration raise many security challenges such as designing protocols to protect these devices from various types of attacks such as using them as bots for DDoS attacks on target servers. In order to protect IoT devices from enslavement as bots in a home environment, we develop a lightweight security model consisting of various security countermeasures. The working mechanism of the proposed security model is presented in a two-part experimental scenario. Firstly, we describe the working mechanism of how an attacker infects an IoT device and then spreads the infection to the entire network. Secondly, we propose a set of mechanisms consisting of filtration, detection of abnormal traffic generated from IoT devices, screening, and publishing the abnormal traffic patterns to the rest of the home routers on the network. We tested the proposed scheme by infecting an IoT device with malicious code. The infected device then infects the rest of the IoT devices in its network and launches a DDoS attack by receiving attack-triggering commands from the botmaster. Finally, the proposed detection mechanism is used to detect the abnormal traffic and block the connection of infected devices in the network. The results reveal that the proposed system blocks abnormal traffic if the packets from an IoT device exceeded a threshold of 50 packets. Similarly, the network packet statistics show that, in the event of an unwanted situation, the detection mechanism runs smoothly and avoids any possible delays in the network.

show abstract

Section: Related Workmentioning

confidence: 99%