Thriving on chaos: Proactive detection of command and control domains in internet of things‐scale botnets using DRIFT

Spaulding, Jeffrey; Park, Jeman; Kim, Joongheon; Nyang, DaeHun; Mohaisen, Aziz

doi:10.1002/ett.3505

Cited by 7 publications

(5 citation statements)

References 37 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Finally, one paper [70] presented DRIFT, a method for identifying command and control domain names on the Internet of Things botnet scale. By applying an inherent feature of malicious domain name queries preceding registration, they developed a difference-based, lightweight feature for detecting malicious C&C domain names.…”

Section: Ai-based Supervised Learningmentioning

confidence: 99%

Internet of Things Botnet Detection Approaches: Analysis and Recommendations for Future Research

et al. 2021

View full text Add to dashboard Cite

Internet of Things (IoT) is promising technology that brings tremendous benefits if used optimally. At the same time, it has resulted in an increase in cybersecurity risks due to the lack of security for IoT devices. IoT botnets, for instance, have become a critical threat; however, systematic and comprehensive studies analyzing the importance of botnet detection methods are limited in the IoT environment. Thus, this study aimed to identify, assess and provide a thoroughly review of experimental works on the research relevant to the detection of IoT botnets. To accomplish this goal, a systematic literature review (SLR), an effective method, was applied for gathering and critically reviewing research papers. This work employed three research questions on the detection methods used to detect IoT botnets, the botnet phases and the different malicious activity scenarios. The authors analyzed the nominated research and the key methods related to them. The detection methods have been classified based on the techniques used, and the authors investigated the botnet phases during which detection is accomplished. This research procedure was used to create a source of foundational knowledge of IoT botnet detection methods. As a result of this study, the authors analyzed the current research gaps and suggest future research directions.

show abstract

Section: Ai-based Supervised Learningmentioning

confidence: 99%

Internet of Things Botnet Detection Approaches: Analysis and Recommendations for Future Research

et al. 2021

View full text Add to dashboard Cite

show abstract

“…Creech and Hu 16 proposed a method for semantic analysis of botnets based on continuous and discontinuous system calls. Spaulding et al 17 designed a system for detecting command and control domain names in Internet of Things scale botnets. Host‐based detection technology has higher accuracy, but detection is time‐consuming and costly.…”

Section: Literature Reviewmentioning

confidence: 99%

BotDetector: An extreme learning machine‐based Internet of Things botnet detection model

Xudong

Dong

Chen

et al. 2020

Trans Emerging Tel Tech

View full text Add to dashboard Cite

The development of artificial intelligence has brought new methods for botnet detection. For better performance, deep learning (DL) is more and more widely employed to botnet detecting. The existing DL‐based botnet detection methods require lots of computing resources and running time. While in the real Internet of Things (IoT) environment, real‐time and low computing consumption are much needed. Therefore, the DL‐based methods seem to be powerless in real‐time IoT scenarios. For these reasons, this article proposes a botnet detection model based on extreme learning machine, named BotDetector, which can directly obtain network stream files and quickly learn without data processing to extract botnet traffic characteristics. Experiments show that BotDetector has a good performance, which can identify botnets accurately with great reduction the time consumption and resource consumption. Furthermore, BotDetector has strong applicability in real IoT scenes.

show abstract

“…Related to our use of network features is a line of research on traffic analysis for malware and botnet detection. Such works include [39][40][41][42][43][44], with others paying particular attention to the use of fast-flux techniques [45][46][47][48][49][50]. Support for our use of DNS features for malware analysis comes in [51][52][53].…”

Section: Related Workmentioning

confidence: 99%

Network-based Analysis and Classiﬁcation of Malware using Behavioral Artifacts Ordering

Mohaisen¹,

Alrawi²,

Park³

et al. 2018

ICST Transactions on Security and Safety

Self Cite

View full text Add to dashboard Cite

Using runtime execution artifacts to identify malware and its associated "family" is an established technique in the security domain. Many papers in the literature rely on explicit features derived from network, file system, or registry interaction. While effective, the use of these fine-granularity data points makes these techniques computationally expensive. Moreover, the signatures and heuristics are often circumvented by subsequent malware authors. In this work, we propose Chatter, a system that is concerned only with the order in which high-level system events take place. Individual events are mapped onto an alphabet and execution traces are captured via terse concatenations of those letters. Then, leveraging an analyst labeled corpus of malware, n-gram document classification techniques are applied to produce a classifier predicting malware family. This paper describes that technique and its proof-of-concept evaluation. In its prototype form only network events are considered and eleven malware families are used. We show the technique achieves 83%-94% accuracy in isolation and makes non-trivial performance improvements when integrated with a baseline classifier of combined order features to reach an accuracy of up to 98.8%.

show abstract

Thriving on chaos: Proactive detection of command and control domains in internet of things‐scale botnets using DRIFT

Cited by 7 publications

References 37 publications

Internet of Things Botnet Detection Approaches: Analysis and Recommendations for Future Research

Internet of Things Botnet Detection Approaches: Analysis and Recommendations for Future Research

BotDetector: An extreme learning machine‐based Internet of Things botnet detection model

Network-based Analysis and Classiﬁcation of Malware using Behavioral Artifacts Ordering

Contact Info

Product

Resources

About