Internet of Malicious Things: Correlating Active and Passive Measurements for Inferring and Characterizing Internet-Scale Unsolicited IoT Devices

Shaikh, Farooq; Bou‐Harb, Elias; Neshenko, Nataliia; Wright, Andrea P.; Ghani, Nasir

doi:10.1109/mcom.2018.1700685

Cited by 40 publications

(16 citation statements)

References 7 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Malicious code injection: In this attack, the intruder injects a malicious code to manipulate the authentic data of the authorized user [ 21 , 45 ].…”

Section: Background and Preliminariesmentioning

confidence: 99%

See 1 more Smart Citation

Internet of Things: Evolution, Concerns and Security Challenges

Malhotra

Singh

Anand

et al. 2021

Sensors

156

View full text Add to dashboard Cite

The escalated growth of the Internet of Things (IoT) has started to reform and reshape our lives. The deployment of a large number of objects adhered to the internet has unlocked the vision of the smart world around us, thereby paving a road towards automation and humongous data generation and collection. This automation and continuous explosion of personal and professional information to the digital world provides a potent ground to the adversaries to perform numerous cyber-attacks, thus making security in IoT a sizeable concern. Hence, timely detection and prevention of such threats are pre-requisites to prevent serious consequences. The survey conducted provides a brief insight into the technology with prime attention towards the various attacks and anomalies and their detection based on the intelligent intrusion detection system (IDS). The comprehensive look-over presented in this paper provides an in-depth analysis and assessment of diverse machine learning and deep learning-based network intrusion detection system (NIDS). Additionally, a case study of healthcare in IoT is presented. The study depicts the architecture, security, and privacy issues and application of learning paradigms in this sector. The research assessment is finally concluded by listing the results derived from the literature. Additionally, the paper discusses numerous research challenges to allow further rectifications in the approaches to deal with unusual complications.

show abstract

“…Malicious code injection: In this attack, the intruder injects a malicious code to manipulate the authentic data of the authorized user [ 21 , 45 ].…”

Section: Background and Preliminariesmentioning

confidence: 99%

“…Additionally, the solutions to various existing attacks in different IoT applications like smart grid, smart home, VANET (vehicular ad-hoc networks) are discussed. Additionally, the survey conducted in [ 44 , 45 , 46 ] provides different IoT attack taxonomies and countermeasures to deal with it.…”

Section: Iot Security Landscapementioning

confidence: 99%

Internet of Things: Evolution, Concerns and Security Challenges

Malhotra

Singh

Anand

et al. 2021

Sensors

156

View full text Add to dashboard Cite

show abstract

“…In addition, Internet measurements have been utilized to find insecurely configured embedded devices [10], detect compromised IoT devices [42,46,58], and study cloud usage as well as communication security of IoT devices [54]. Motivated by these observations, we set out to study whether modern Internet-facing industrial appliances that use the OPC UA protocol capitalize on the promised increases in security.…”

Section: Related Workmentioning

confidence: 99%

Easing the Conscience with OPC UA

Dahlmanns

Lohmöller

Fink

et al. 2020

Proceedings of the ACM Internet Measurement Conference

View full text Add to dashboard Cite

Due to increasing digitalization, formerly isolated industrial networks, e.g., for factory and process automation, move closer and closer to the Internet, mandating secure communication. However, securely setting up OPC UA, the prime candidate for secure industrial communication, is challenging due to a large variety of insecure options. To study whether Internet-facing OPC UA appliances are configured securely, we actively scan the IPv4 address space for publicly reachable OPC UA systems and assess the security of their configurations. We observe problematic security configurations such as missing access control (on 24% of hosts), disabled security functionality (24%), or use of deprecated cryptographic primitives (25%) on in total 92% of the reachable deployments. Furthermore, we discover several hundred devices in multiple autonomous systems sharing the same security certificate, opening the door for impersonation attacks. Overall, in this paper, we highlight commonly found security misconfigurations and underline the importance of appropriate configuration for security-featuring protocols.

show abstract

“…A completely different usage of network telescopes can be found in [17]. Shaikh et al use a combination of passive and active (scanning) measurement to discover and characterize unsolicited IoT devices.…”

Section: Related Workmentioning

confidence: 99%

Prevalence of IoT Protocols in Telescopeand Honeypot Measurements

Metongnon

Sadre

2019

JCSM

View full text Add to dashboard Cite

With the arrival of the Internet of Things (IoT), more devices appear online with default credentials or lacking proper security protocols. Consequently, we have seen a rise of powerful DDoS attacks originating from IoT devices in the last years. In most cases the devices were infected by bot malware through the telnet protocol. This has lead to several honeypot studies on telnet-based attacks. However, IoT installations also involve other protocols, for example for Machine-to-Machine communication. Those protocols often provide by default only little security. In this paper, we present a measurement study on attacks against or based on those protocols. To this end, we use data obtained from a /15 network telescope and three honey-pots with 15 IPv4 addresses. We find that telnet-based malware is still widely used and that infected devices are employed not only for DDoS attacks but also for crypto-currency mining. We also see, although at a much lesser frequency, that attackers are looking for IoT-specific services using MQTT, CoAP, UPnP, and HNAP, and that they target vulnerabilities of routers and cameras with HTTP.

show abstract

Internet of Malicious Things: Correlating Active and Passive Measurements for Inferring and Characterizing Internet-Scale Unsolicited IoT Devices

Cited by 40 publications

References 7 publications

Internet of Things: Evolution, Concerns and Security Challenges

Internet of Things: Evolution, Concerns and Security Challenges

Easing the Conscience with OPC UA

Prevalence of IoT Protocols in Telescopeand Honeypot Measurements

Contact Info

Product

Resources

About