IoT Botnet Detection Mechanism Based on UDP Protocol

Khaing, Myint Soe; Thant, Yee Mon; Tun, Thazin; Htwe, Chaw Su; Thwin, Mie Mie Su

doi:10.1109/icca49400.2020.9022832

Cited by 6 publications

(5 citation statements)

References 6 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Such coherence arises because the IP length also contains the DNS length, which is the driving force in classifying DNS Botnet attacks. Regarding the significant role of udp.length in detecting DNS botnets, existing research, such as the study by Khaing et al [88], indicates that the UDP packet size can serve as a means to identify DNS botnets within IoT due to its inclusion of DNS header length. Additionally, related studies have utilized it with other features to identify hybrid botnets, as highlighted in [89].…”

Section: Dns Botnetmentioning

confidence: 99%

Automated Network Incident Identification through Genetic Algorithm-Driven Feature Selection

Aksoy,

Valle,

Kar

2024

Electronics

View full text Add to dashboard Cite

The cybersecurity landscape presents daunting challenges, particularly in the face of Denial of Service (DoS) attacks such as DoS Http Unbearable Load King (HULK) attacks and DoS GoldenEye attacks. These malicious tactics are designed to disrupt critical services by overwhelming web servers with malicious requests. In contrast to DoS attacks, there exists nefarious Operating System (OS) scanning, which exploits vulnerabilities in target systems. To provide further context, it is essential to clarify that NMAP, a widely utilized tool for identifying host OSes and vulnerabilities, is not inherently malicious but a dual-use tool with legitimate applications, such as asset inventory services in company networks. Additionally, Domain Name System (DNS) botnets can be incredibly damaging as they harness numerous compromised devices to inundate a target with malicious DNS traffic. This can disrupt online services, leading to downtime, financial losses, and reputational damage. Furthermore, DNS botnets can be used for other malicious activities like data exfiltration, spreading malware, or launching other cyberattacks, making them a versatile tool for cybercriminals. As attackers continually adapt and modify specific attributes to evade detection, our paper introduces an automated detection method that requires no expert input. This innovative approach identifies the distinct characteristics of DNS botnet attacks, DoS HULK attacks, DoS GoldenEye attacks, and OS-Scanning, explicitly using the NMAP tool, even when attackers alter their tactics. By harnessing a representative dataset, our proposed method ensures robust detection of such attacks against varying attack parameters or behavioral shifts. This heightened resilience significantly raises the bar for attackers attempting to conceal their malicious activities. Significantly, our approach delivered outstanding outcomes, with a mid 95% accuracy in categorizing NMAP OS scanning and DNS botnet attacks, and 100% for DoS HULK attacks and DoS GoldenEye attacks, proficiently discerning between malevolent and harmless network packets. Our code and the dataset are made publicly available.

show abstract

Section: Dns Botnetmentioning

confidence: 99%

Automated Network Incident Identification through Genetic Algorithm-Driven Feature Selection

Aksoy,

Valle,

Kar

2024

Electronics

View full text Add to dashboard Cite

show abstract

“…A user datagram protocol (UDP) flooding attack is a type of DDoS attack in which the attacker targets and overwhelms random ports on a targeted server with IP packets including UDP packets [122]. In this type of attack, the host checks for applications that are listening to a specific port.…”

Section: G Udp Flooding Attacksmentioning

confidence: 99%

“…If the host does not find applications, it replies with ICMP messages stating that the destination is unreachable. When a large number of UDP packets target the victim, the host is forced to send many ICMP destination unreachable packets [122]. As a result, the server' resources are consumed with these UPD packets, making the host unresponsive to legitimate clients.…”

Section: G Udp Flooding Attacksmentioning

confidence: 99%

Machine Learning Approaches for Combating Distributed Denial of Service Attacks in Modern Networking Environments

Aljuhani

2021

IEEE Access

View full text Add to dashboard Cite

“…DDoS attacks involve leveraging a network of obedient devices, commonly referred to as zombies or bots. The aim of the attacker is to disrupt network infrastructure services by sending attack traffic to the target through the botnet 4,5 . This action effectively denies legitimate users access to network services.…”

Section: Introductionmentioning

confidence: 99%

“…The aim of the attacker is to disrupt network infrastructure services by sending attack traffic to the target through the botnet. 4,5 This action effectively denies legitimate users access to network services. Despite a wide array of countermeasures, detecting these attacks remains a challenge.…”

Section: Introductionmentioning

confidence: 99%

DDoS attacks and machine‐learning‐based detection methods: A survey and taxonomy

Najafimehr

Zarifzadeh

Mostafavi

2023

Engineering Reports

View full text Add to dashboard Cite

Distributed denial of service (DDoS) attacks represent a significant cybersecurity challenge, posing a critical risk to computer networks. Developing an effective defense mechanism against these attacks is crucial but challenging, given their diverse attack types, network and computing platform heterogeneity, and complex communication protocols. Moreover, the emergence of innovative DDoS attack methods presents a formidable threat to existing countermeasures. Various machine learning techniques have shown promise in detecting DDoS attacks with low false‐positive rates and high detection rates. This survey paper offers a comprehensive taxonomy of machine learning‐based methods for detecting DDoS attacks, reviewing supervised, unsupervised, hybrid approaches, and analyzing the related challenges. Further, we explore relevant datasets, highlighting their strengths and limitations, and propose future research directions to address the current gaps in this domain. This paper aims to provide a profound understanding of DDoS attack detection mechanisms, aiding researchers, and practitioners in developing effective cybersecurity approaches against such attacks. This research is essential because DDoS attacks are diverse and pose a formidable threat to computer networks, and various machine learning techniques have shown promise in detecting them. Its implications include providing insights that can inform the development of robust defense mechanisms against DDoS attacks.

show abstract

IoT Botnet Detection Mechanism Based on UDP Protocol

Cited by 6 publications

References 6 publications

Automated Network Incident Identification through Genetic Algorithm-Driven Feature Selection

Automated Network Incident Identification through Genetic Algorithm-Driven Feature Selection

Machine Learning Approaches for Combating Distributed Denial of Service Attacks in Modern Networking Environments

DDoS attacks and machine‐learning‐based detection methods: A survey and taxonomy

Contact Info

Product

Resources

About