Paul Griffioen,Bruno Sinopoli

DOI: https://doi.org/10.48550/arXiv.2110.07771

2021-10-14

Cryptography and Security

Abstract:Threat modeling and risk assessments are common ways to identify, estimate, and prioritize risk to national, organizational, and individual operations and assets. Several threat modeling and risk assessment approaches have been proposed prior to the advent of the Internet of Things (IoT) that focus on threats and risks in information technology (IT). Due to shortcomings in these approaches and the fact that there are significant differences between the IoT and IT, we synthesize and adapt these approaches to provide a threat modeling framework that focuses on threats and risks in the IoT. In doing so, we develop an IoT attack taxonomy that describes the adversarial assets, adversarial actions, exploitable vulnerabilities, and compromised properties that are components of any IoT attack. We use this IoT attack taxonomy as the foundation for designing a joint risk assessment and maturity assessment framework that is implemented as an interactive online tool. The assessment framework this tool encodes provides organizations with specific recommendations about where resources should be devoted to mitigate risk. The usefulness of this IoT framework is highlighted by case study implementations in the context of multiple industrial manufacturing companies, and the interactive implementation of this framework is available at http://iotrisk.andrew.cmu.edu.

Bruno Miller,Xihui Zhang

DOI: https://doi.org/10.48009/3_iis_2020_168-178

2020-01-01

Issues in Information Systems

Abstract:As the Internet of Things (IoT) becomes ubiquitous and cybersecurity attacks rapidly evolve, IoT devices must be secured.Their infection can lead to compromised networks, stolen information, service disruptions, and botnet attacks.Botnet attacks, such as Distributed Denial of Service (DDoS), strengthen with larger numbers of devices and IoT devices make great targets for this reason.As IoT devices grow in number, the strength and risk of these massive attacks grow.Infamous botnet attacks, such as Mirai, have proven this to be a serious threat.IoT security faces unique challenges including detection difficulties, device limitations, and user attitudes and education.This paper reviews and analyzes 21 articles providing information on tools and techniques for securing IoT devices against these threats.A multi-layer approach to IoT-botnet detection and prevention is suggested consisting of: the outer layer consisting of ISP architecture; the middle layer consisting of advanced detection methods and DDoS detection and mitigation; and the inner layer consisting of user attitudes, education, and security best practices.By addressing security challenges at multiple points along the botnet lifecycle and within each layer, our proposed approach provides a holistic strategy for detecting and preventing botnet attacks.

Morteza Safaei Pour,Antonio Mangino,Kurt Friday,Matthias Rathbun,Elias Bou-Harb,Farkhund Iqbal,Sagar Samtani,Jorge Crichigno,Nasir Ghani

DOI: https://doi.org/10.1016/j.cose.2019.101707

2020-04-01

Abstract:The insecurity of the Internet-of-Things (IoT) paradigm continues to wreak havoc in consumer and critical infrastructures. The highly heterogeneous nature of IoT devices and their widespread deployments has led to the rise of several key security and measurement-based challenges, significantly crippling the process of collecting, analyzing and correlating IoT-centric data. To this end, this paper explores macroscopic, passive empirical data to shed light on this evolving threat phenomena. The proposed work aims to classify and infer Internet-scale compromised IoT devices by solely observing one-way network traffic, while also uncovering, reporting and thoroughly analyzing "in the wild" IoT botnets. To prepare a relevant dataset, a novel probabilistic model is developed to cleanse unrelated traffic by removing noise samples (i.e., misconfigured network traffic). Subsequently, several shallow and deep learning models are evaluated in an effort to train an effective multi-window convolutional neural network. By leveraging active and passing measurements when generating the training dataset, the neural network aims to accurately identify compromised IoT devices. Consequently, to infer orchestrated and unsolicited activities that have been generated by well-coordinated IoT botnets, hierarchical agglomerative clustering is employed by scrutinizing a set of innovative and efficient network feature sets. Analyzing 3.6 TB of recently captured darknet traffic revealed a momentous 440,000 compromised IoT devices and generated evidence-based artifacts related to 350 IoT botnets. Moreover, by conducting thorough analysis of such inferred campaigns, we reveal their scanning behaviors, packet inter-arrival times, employed rates and geo-distributions. Although several campaigns exhibit significant differences in these aspects, some are more distinguishable; by being limited to specific geo-locations or by executing scans on random ports besides their core targets. While many of the inferred botnets belong to previously documented campaigns such as Hide and Seek, Hajime and Fbot, newly discovered events portray the evolving nature of such IoT threat phenomena by demonstrating growing cryptojacking capabilities or by targeting industrial control services. To motivate empirical (and operational) IoT cyber security initiatives as well as aid in reproducibility of the obtained results, we make the source codes of all the developed methods and techniques available to the research community at large.

computer science, information systems

Abdulaziz Aldaej,Tariq Ahamed Ahanger,Mohammed Atiquzzaman,Imdad Ullah

DOI: https://doi.org/10.1007/s10586-024-04379-6

2024-04-20

Cluster Computing

Abstract:The number of cyber-attacks targeting the Internet of Things (IoT) has elevated in the last decade. This is due to the inherent security vulnerabilities inside IoT endpoints, as well as the broad acceptance and usage of Industrial IoT. In this context, botnets have arisen as a significant risk to IoT-based infrastructures by exploiting security flaws in firmware, including weak or default passwords, to hack devices. In this article, research is performed on an Intrusion Detection System (IDS) that can be installed within an IoT device to increase visibility and help devices become more secure. The presented research framework termed a Blockchain-inspired Botnet Detection System (BDS) includes the node-level IDS. Moreover, the comprehensive architecture of the node-level BDS framework is discussed. Using the ISOT, IoT23, and BoTIoT datasets, the performance of the presented model is assessed for alerts, detection rates, detection delay, and peak CPU and memory usage. Based on the computational results effective outcomes were registered for the proposed technique.

computer science, information systems, theory & methods

Kumar Saurabh,Deepak Gajjala,Krishna Kaipa,Ranjana Vyas,O. P. Vyas,Rahamatullah Khondoker

DOI: https://doi.org/10.1007/s13369-023-08600-3

IF: 2.807

2024-06-19

Arabian Journal for Science and Engineering

Abstract:Industrial cyber-physical systems (ICPS) are gradually integrating Information Technology (IT) and automating industrial processes, leading systems to become more vulnerable to malicious actors. Thus, to deploy secure Industrial Control and Production Systems (ICPS) in smart factories, cyber threats and risks must be addressed. To identify all possible threats, "Threat Modeling" is a promising solution. Despite the existence of numerous methodological solutions for threat modeling in Cyber-Physical Systems (CPS), current approaches are ad hoc and inefficient in providing clear insights to researchers and organizations involved in Industrial Internet of Things (IIoT) technologies. These approaches lack a comprehensive analysis of cyber threats and fail to facilitate effective path analysis across the ICPS lifecycle, incorporating smart manufacturing technologies and tools. To address these gaps, a novel quantitative threat modeling approach is proposed, aiming to identify probable attack vectors, assess the path of attacks, and evaluate the magnitude of each vector. This manuscript also explains the execution of the proposed approach through two case studies: the industrial manufacturing line, referred to as the Internet of Manufacturing (IoM), and the power industry, known as the Internet of Production (IoP).

multidisciplinary sciences

Metehan Gelgi,Yueting Guan,Sanjay Arunachala,Maddi Samba Siva Samba Siva Rao,Nicola Dragoni

DOI: https://doi.org/10.3390/s24113571

IF: 3.9

2024-06-02

Sensors

Abstract:Internet of Things (IoT) technology has become an inevitable part of our daily lives. With the increase in usage of IoT Devices, manufacturers continuously develop IoT technology. However, the security of IoT devices is left behind in those developments due to cost, size, and computational power limitations. Since these IoT devices are connected to the Internet and have low security levels, one of the main risks of these devices is being compromised by malicious malware and becoming part of IoT botnets. IoT botnets are used for launching different types of large-scale attacks including Distributed Denial-of-Service (DDoS) attacks. These attacks are continuously evolving, and researchers have conducted numerous analyses and studies in this area to narrow security vulnerabilities. This paper systematically reviews the prominent literature on IoT botnet DDoS attacks and detection techniques. Architecture IoT botnet DDoS attacks, evaluations of those attacks, and systematically categorized detection techniques are discussed in detail. The paper presents current threats and detection techniques, and some open research questions are recommended for future studies in this field.

engineering, electrical & electronic,chemistry, analytical,instruments & instrumentation

Peiyuan Sun,Jianxin Li,Md Zakirul Alam Bhuiyan,Lihong Wang,Bo Li

DOI: https://doi.org/10.1016/j.ins.2018.04.065

IF: 8.1

2018-01-01

Information Sciences

Abstract:With the rise of the Internet of Things, malicious attacks pose serious threats to the massive vulnerable IoT devices. Recently, attackers have initiated increasingly coordinated attack activities commonly pertaining to botnets. However, how to effectively detect the botnet based on attacker activities is proven challenging. In this paper, we propose a Machine Learning-based method for modeling attacker activities based on the following intuitive observations: attackers in the same botnet tend to launch temporally close attacks. We then directly model attack temporal patterns using a special class of point process called Multivariate Hawkes Process. Intuitively, Multivariate Hawkes Process identifies the latent influences between attackers by utilizing the mutually exciting properties. We then cluster the attacker activities based on the inferred weighted influence matrix with resort to the graph-based clustering approach. To evaluate the applicability of our method, we deployed 10 honeypots in a real-world environment, and conduct experiments on the collected dataset. The results show that we can identify the activity pattern and the structure of botnets effectively.

Abdelaziz Amara korba,Aleddine Diaf,Yacine Ghamri-Doudane

2024-07-22

Abstract:In the rapidly evolving landscape of cyber threats targeting the Internet of Things (IoT) ecosystem, and in light of the surge in botnet-driven Distributed Denial of Service (DDoS) and brute force attacks, this study focuses on the early detection of IoT bots. It specifically addresses the detection of stealth bot communication that precedes and orchestrates attacks. This study proposes a comprehensive methodology for analyzing IoT network traffic, including considerations for both unidirectional and bidirectional flow, as well as packet formats. It explores a wide spectrum of network features critical for representing network traffic and characterizing benign IoT traffic patterns effectively. Moreover, it delves into the modeling of traffic using various semi-supervised learning techniques. Through extensive experimentation with the IoT-23 dataset - a comprehensive collection featuring diverse botnet types and traffic scenarios - we have demonstrated the feasibility of detecting botnet traffic corresponding to different operations and types of bots, specifically focusing on stealth command and control (C2) communications. The results obtained have demonstrated the feasibility of identifying C2 communication with a 100% success rate through packet-based methods and 94% via flow based approaches, with a false positive rate of 1.53%.

Cryptography and Security,Artificial Intelligence

Jinchun Choi,Afsah Anwar,Abdulrahman Alabduljabbar,Hisham Alasmary,Jeffrey Spaulding,An Wang,Songqing Chen,DaeHun Nyang,Amro Awad,David Mohaisen

DOI: https://doi.org/10.1016/j.comnet.2022.108768

IF: 5.493

2022-04-01

Computer Networks

Abstract:The lack of security measures among the Internet of Things (IoT) devices and their persistent online connection gives adversaries a prime opportunity to target them or even abuse them as intermediary targets in larger attacks such as distributed denial-of-service (DDoS) campaigns. In this paper, we analyze IoT malware and focus on the endpoints reachable on the public Internet, that play an essential part in the IoT malware ecosystem. Namely, we analyze endpoints acting as dropzones and their targets to gain insights into the underlying dynamics in this ecosystem, such as the affinity between the dropzones and their target IP addresses, and the different patterns among endpoints. Towards this goal, we reverse-engineer 2423 IoT malware samples and extract strings from them to obtain IP addresses. We further gather information about these endpoints from public Internet-wide scanners, such as Shodan and Censys. Our results, through analysis and visualization expose clear patterns of affinity between sources and targets of attacks, attack exposure by Internet infrastructure, and clear depiction of the ecosystem of IoT malware as a whole, only utilizing static artifacts. Our investigation from four different perspectives provides profound insights into the role of endpoints in IoT malware attacks, which deepens our understanding of IoT malware ecosystems and can assist future defenses.

computer science, information systems,telecommunications,engineering, electrical & electronic, hardware & architecture

K. Janani,S. Ramamoorthy

DOI: https://doi.org/10.1080/09540091.2022.2149698

2022-12-12

Connection Science

Abstract:Most of the recent research has focused on the Internet of Things (IoT) and its applications. The open interface and network connectivity of the interconnected systems under the IoT network make them vulnerable to hackers. A model has been proposed to identify and classify IoT routing attacks. To generate IoT routing datasets, the Cooja simulator is used at first. The IoT routing dataset is then augmented into larger volumes using ADASYN, which is also used to solve the class imbalance problems. A deep learning hybrid model based on a Long-Short-Term Memory (LSTM) network and adaptive Mayfly Optimization Algorithm (LAMOA) was presented for the classification of IoT attacks. The adaptive MOA adjusts the weights in the various layers of the LSTM network and the Fully Connected Layer with SoftMax Classification. As part of the validation process, the proposed model was also compared with benchmark datasets NSL-KDD, BoT-IoT, and IoT-23. Using benchmark datasets, LAMOA achieved 99.94% accuracy for multiclassifications, 99.92% accuracy for binary classifications, and 98.42% accuracy for real-time datasets. Compared to other models, our proposed model significantly improves the accuracy of each attack's classification by 5–10%. GRAPHICAL

computer science, artificial intelligence, theory & methods

Xuanyu Duan,Mengmeng Ge,Triet Huynh Minh Le,Faheem Ullah,Shang Gao,Xuequan Lu,M. Ali Babar

DOI: https://doi.org/10.1109/prdc53464.2021.00016

2021-12-01

Abstract:Internet of Things (IoT) based applications face an increasing number of potential security risks, which need to be systematically assessed and addressed. Expert-based manual assessment of IoT security is a predominant approach, which is usually inefficient. To address this problem, we propose an automated security assessment framework for IoT networks. Our framework first leverages machine learning and natural language processing to analyze vulnerability descriptions for predicting vulnerability metrics. The predicted metrics are then input into a two-layered graphical security model, which consists of an attack graph at the upper layer to present the network connectivity and an attack tree for each node in the network at the bottom layer to depict the vulnerability information. This security model automatically assesses the security of the IoT network by capturing potential attack paths. We evaluate the viability of our approach using a proof-of-concept smart building system model which contains a variety of real-world IoT devices and poten-tial vulnerabilities. Our evaluation of the proposed framework demonstrates its effectiveness in terms of automatically predicting the vulnerability metrics of new vulnerabilities with more than 90% accuracy, on average, and identifying the most vulnerable attack paths within an IoT network. The produced assessment results can serve as a guideline for cybersecurity professionals to take further actions and mitigate risks in a timely manner.

Zhiyan Chen,Jinxin Liu,Yu Shen,Murat Simsek,Burak Kantarci,Hussein T. Mouftah,Petar Djukic

DOI: https://doi.org/10.1145/3530812

2022-04-17

Abstract:Despite its technological benefits, Internet of Things (IoT) has cyber weaknesses due to the vulnerabilities in the wireless medium. Machine learning (ML)-based methods are widely used against cyber threats in IoT networks with promising performance. Advanced persistent threat (APT) is prominent for cybercriminals to compromise networks, and it is crucial to long-term and harmful characteristics. However, it is difficult to apply ML-based approaches to identify APT attacks to obtain a promising detection performance due to an extremely small percentage among normal traffic. There are limited surveys to fully investigate APT attacks in IoT networks due to the lack of public datasets with all types of APT attacks. It is worth to bridge the state-of-the-art in network attack detection with APT attack detection in a comprehensive review article. This survey article reviews the security challenges in IoT networks and presents the well-known attacks, APT attacks, and threat models in IoT systems. Meanwhile, signature-based, anomaly-based, and hybrid intrusion detection systems are summarized for IoT networks. The article highlights statistical insights regarding frequently applied ML-based methods against network intrusion alongside the number of attacks types detected. Finally, open issues and challenges for common network intrusion and APT attacks are presented for future research.

Cryptography and Security,Machine Learning,Networking and Internet Architecture

Ashley Woodiss-Field,Michael N. Johnstone,Paul Haskell-Dowland

DOI: https://doi.org/10.3390/s24031027

IF: 3.9

2024-02-06

Sensors

Abstract:A botnet is a collection of Internet-connected computers that have been suborned and are controlled externally for malicious purposes. Concomitant with the growth of the Internet of Things (IoT), botnets have been expanding to use IoT devices as their attack vectors. IoT devices utilise specific protocols and network topologies distinct from conventional computers that may render detection techniques ineffective on compromised IoT devices. This paper describes experiments involving the acquisition of several traditional botnet detection techniques, BotMiner, BotProbe, and BotHunter, to evaluate their capabilities when applied to IoT-based botnets. Multiple simulation environments, using internally developed network traffic generation software, were created to test these techniques on traditional and IoT-based networks, with multiple scenarios differentiated by the total number of hosts, the total number of infected hosts, the botnet command and control (CnC) type, and the presence of aberrant activity. Externally acquired datasets were also used to further test and validate the capabilities of each botnet detection technique. The results indicated, contrary to expectations, that BotMiner and BotProbe were able to detect IoT-based botnets—though they exhibited certain limitations specific to their operation. The results show that traditional botnet detection techniques are capable of detecting IoT-based botnets and that the different techniques may offer capabilities that complement one another.

engineering, electrical & electronic,chemistry, analytical,instruments & instrumentation

N. Sakthipriya,V. Govindasamy,V. Akila,Sakthipriya, N.

DOI: https://doi.org/10.1007/s12083-024-01657-3

IF: 3.488

2024-02-23

Peer-to-Peer Networking and Applications

Abstract:The "Internet of Things (IoT)" technology has been utilized in various industries in the past few years. As the IoT technology has diverse and small devices connected to it, IoT gadgets are vulnerable to several attacks. These networks are heterogeneous and big, making it difficult to handle the security of the overall network. The methods of upgrading these network security methods to combat different security assaults such as keylogging, denial of service, and man-in-the-middle are also difficult. Due to the network's heterogeneous nature and resource limitations, conventional high-end safety technologies are challenging to implement in IoT networks. Deep learning is an effective technique for identifying botnet attacks. However, the amount of internet activity required for this operation is typically substantial. Thus, implementing a deep learning technique in IoT devices with limited memory is practically difficult. Hence, this paper aims to decrease the dimensionality in the IoT network for efficient attack classification performance in memory constraint IoT devices using Conditional Adversarial Auto Encoder (CAAE) and generate realistic botnet traffic using CAAE to train the model. An efficient N-BaIoT Dataset are initially collected from the online datasets. The collected datasets are then given to the data cleaning process, which helps to avoid unnecessary information by refining essential data for attack detection. Further, the cleaned data is given to the CAAE, which is then incorporated for extracting efficient deep features in order to enhance the attack detection rate. Finally, the attack detection takes place with the extracted deep features, which are performed using the developed Dilated and Cascaded Recurrent Neural Network (DC-RNN) approach for accurately classifying the attacks in IoT devices. Throughout the analysis, the developed model shows 96%, 98%, 97%, and 96% in terms of accuracy, precision, F1-score, and recall. The research assessment is considered to analyze the suggested methods effectiveness by comparing it with conventional techniques.

computer science, information systems,telecommunications

Binglai Wang,Yu Dou,Yafei Sang,Yongzheng Zhang,Ji Huang

DOI: https://doi.org/10.1109/icc40277.2020.9149314

2020-01-01

Abstract:Nowadays, the emerging Internet-of-Things (IoT) emphasize the need for the security of network-connected devices. Additionally, there are two types of services in IoT devices that are easily exploited by attackers, weak authentication services (e.g., SSH/Telnet) and exploited services using command injection. Based on this observation, we propose IoTCMal, a hybrid IoT honeypot framework for capturing more comprehensive malicious samples aiming at IoT devices. The key novelty of IoTCMAL is three-fold: (i) it provides a high-interactive component with common vulnerable service in real IoT device by utilizing traffic forwarding technique; (ii) it also contains a low-interactive component with Telnet/SSH service by running in virtual environment. (iii) Distinct from traditional low-interactive IoT honeypots[1], which only analyze family categories of malicious samples, IoTCMal primarily focuses on homology analysis of malicious samples. We deployed IoTCMal on 36 VPS1 instances distributed in 13 cities of 6 countries. By analyzing the malware binaries captured from IoTCMal, we discover 8 malware families controlled by at least 11 groups of attackers, which mainly launched DDoS attacks and digital currency mining. Among them, about 60% of the captured malicious samples ran in ARM or MIPs architectures, which are widely used in IoT devices.

Satish Pokhrel,Robert Abbas,Bhulok Aryal

DOI: https://doi.org/10.48550/arXiv.2104.02231

2021-04-06

Abstract:The acceptance of Internet of Things (IoT) applications and services has seen an enormous rise of interest in IoT. Organizations have begun to create various IoT based gadgets ranging from small personal devices such as a smart watch to a whole network of smart grid, smart mining, smart manufacturing, and autonomous driver-less vehicles. The overwhelming amount and ubiquitous presence have attracted potential hackers for cyber-attacks and data theft. Security is considered as one of the prominent challenges in IoT. The key scope of this research work is to propose an innovative model using machine learning algorithm to detect and mitigate botnet-based distributed denial of service (DDoS) attack in IoT network. Our proposed model tackles the security issue concerning the threats from bots. Different machine learning algorithms such as K- Nearest Neighbour (KNN), Naive Bayes model and Multi-layer Perception Artificial Neural Network (MLP ANN) were used to develop a model where data are trained by BoT-IoT dataset. The best algorithm was selected by a reference point based on accuracy percentage and area under the receiver operating characteristics curve (ROC AUC) score. Feature engineering and Synthetic minority oversampling technique (SMOTE) were combined with machine learning algorithms (MLAs). Performance comparison of three algorithms used was done in class imbalance dataset and on the class balanced dataset.

Machine Learning

Su Wang,Keyang Yu,Qi Li,Dong Chen

2024-06-15

Abstract:The Internet traffic data produced by the Internet of Things (IoT) devices are collected by Internet Service Providers (ISPs) and device manufacturers, and often shared with their third parties to maintain and enhance user services. Unfortunately, on-path adversaries could infer and fingerprint users' sensitive privacy information such as occupancy and user activities by analyzing these network traffic traces. While there's a growing body of literature on defending against this side-channel attack-malicious IoT traffic analytics (TA), there's currently no systematic method to compare and evaluate the comprehensiveness of these existing studies. To address this problem, we design a new low-cost, open-source system framework-IoT Traffic Exposure Monitoring Toolkit (ITEMTK) that enables people to comprehensively examine and validate prior attack models and their defending approaches. In particular, we also design a novel image-based attack capable of inferring sensitive user information, even when users employ the most robust preventative measures in their smart homes. Researchers could leverage our new image-based attack to systematize and understand the existing literature on IoT traffic analysis attacks and preventing studies. Our results show that current defending approaches are not sufficient to protect IoT device user privacy. IoT devices are significantly vulnerable to our new image-based user privacy inference attacks, posing a grave threat to IoT device user privacy. We also highlight potential future improvements to enhance the defending approaches. ITEMTK's flexibility allows other researchers for easy expansion by integrating new TA attack models and prevention methods to benchmark their future work.

Cryptography and Security,Systems and Control

Song-Yi Hwang,Jeong-Nyeo Kim

DOI: https://doi.org/10.3390/s21216983

2021-10-21

Abstract:With the expansion of the Internet of Things (IoT), security incidents about exploiting vulnerabilities in IoT devices have become prominent. However, due to the characteristics of IoT devices such as low power and low performance, it is difficult to apply existing security solutions to IoT devices. As a result, IoT devices have easily become targets for cyber attackers, and malware attacks on IoT devices are increasing every year. The most representative is the Mirai malware that caused distributed denial of service (DDoS) attacks by creating a massive IoT botnet. Moreover, Mirai malware has been released on the Internet, resulting in increasing variants and new malicious codes. One of the ways to mitigate distributed denial of service attacks is to render the creation of massive IoT botnets difficult by preventing the spread of malicious code. For IoT infrastructure security, security solutions are being studied to analyze network packets going in and out of IoT infrastructure to detect threats, and to prevent the spread of threats within IoT infrastructure by dynamically controlling network access to maliciously used IoT devices, network equipment, and IoT services. However, there is a great risk to apply unverified security solutions to real-world environments. In this paper, we propose a malware simulation tool that scans vulnerable IoT devices assigned a private IP address, and spreads malicious code within IoT infrastructure by injecting malicious code download command into vulnerable devices. The malware simulation tool proposed in this paper can be used to verify the functionality of network threat detection and prevention solutions.

Jincheng Zhou,Tao Hai,Dayang Norhayati Abang Jawawi,Dan Wang,Kuruva Lakshmanna,Praveen Kumar Reddy Maddikunta,Mavellous Iwendi

DOI: https://doi.org/10.1016/j.seta.2023.103454

IF: 7.632

2023-01-01

Sustainable Energy Technologies and Assessments

Abstract:The potential for significant damage to an enterprise network by an intruder or cybercriminal wielding a botnet is substantial. Such malicious actors actively scan vulnerable connected devices, aiming to incorporate them into their botnet network for exploitation. Previous attempts to mitigate this issue have been met with varying success levels, often exhibiting inaccuracies and consuming excessive energy. The proposed model introduces a streamlined ensemble-based detection framework tailored for identifying botnets within IoT networks. Leveraging Machine Learning (ML) techniques, the framework effectively detects and safeguards the network’s infrastructure. The proposed approach identifies crucial features by employing a method for univariate feature selection, coupled with an ensemble-based framework. Botnet attacks consume a significant amount of energy in IoT devices. The proposed model detects and avoids botnet attacks, which can save energy and make IoT networks more sustainable. The suggested model synergizes the capabilities of two hyper-tuned ML algorithms, namely XGBoost and LightGBM. Experimental findings underscore the effectiveness of the proposed model, demonstrating a remarkable 100% accuracy rate in detecting malicious botnets within the network, surpassing other models which ranged between 97% and 99% accuracy.

Armin Ziaie Tabari,Xinming Ou,Anoop Singhal

DOI: https://doi.org/10.48550/arXiv.2112.10974

2021-12-21

Abstract:The growing number of Internet of Things (IoT) devices makes it imperative to be aware of the real-world threats they face in terms of cybersecurity. While honeypots have been historically used as decoy devices to help researchers/organizations gain a better understanding of the dynamic of threats on a network and their impact, IoT devices pose a unique challenge for this purpose due to the variety of devices and their physical connections. In this work, by observing real-world attackers' behavior in a low-interaction honeypot ecosystem, we (1) presented a new approach to creating a multi-phased, multi-faceted honeypot ecosystem, which gradually increases the sophistication of honeypots' interactions with adversaries, (2) designed and developed a low-interaction honeypot for cameras that allowed researchers to gain a deeper understanding of what attackers are targeting, and (3) devised an innovative data analytics method to identify the goals of adversaries. Our honeypots have been active for over three years. We were able to collect increasingly sophisticated attack data in each phase. Furthermore, our data analytics points to the fact that the vast majority of attack activities captured in the honeypots share significant similarity, and can be clustered and grouped to better understand the goals, patterns, and trends of IoT attacks in the wild.

Cryptography and Security,Machine Learning