Improving IoT Botnet Investigation Using an Adaptive Network Layer

Improving IoT Botnet Investigation Using an Adaptive Network Layer

IoT botnets have been used to launch Distributed Denial-of-Service (DDoS) attacks affecting the Internet infrastructure. To protect the Internet from such threats and improve security mechanisms, it is critical to understand the botnets' intents and characterize their behavior. Current malware...

Ausführliche Beschreibung

Gespeichert in:
Bibliographische Detailangaben
Veröffentlicht in:Sensors (Basel, Switzerland) Switzerland), 2019-02, Vol.19 (3), p.727
Hauptverfasser: Ceron, João Marcelo, Steding-Jessen, Klaus, Hoepers, Cristine, Granville, Lisandro Zambenedetti, Margi, Cíntia Borges
Format: Artikel
Sprache:eng
Schlagworte:
Access control
Architectural engineering
Artificial intelligence
botnet
Containment
Denial of service attacks
Internet of Things
IoT
Malware
malware analysis
Researchers
SDN
Online-Zugang:Volltext
Tags: Tag hinzufügen
Keine Tags, Fügen Sie den ersten Tag hinzu!
Beschreibung
Zusammenfassung:IoT botnets have been used to launch Distributed Denial-of-Service (DDoS) attacks affecting the Internet infrastructure. To protect the Internet from such threats and improve security mechanisms, it is critical to understand the botnets' intents and characterize their behavior. Current malware analysis solutions, when faced with IoT, present limitations in regard to the network access containment and network traffic manipulation. In this paper, we present an approach for handling the network traffic generated by the IoT malware in an analysis environment. The proposed solution can modify the traffic at the network layer based on the actions performed by the malware. In our study case, we investigated the Mirai and Bashlite botnet families, where it was possible to block attacks to other systems, identify attacks targets, and rewrite botnets commands sent by the botnet controller to the infected devices.
ISSN:1424-8220
1424-8220
DOI:10.3390/s19030727