Improving IoT Botnet Investigation Using an Adaptive Network Layer

João Marcelo Ceron* (Corresponding Author), Klaus Steding-Jessen, Cristine Hoepers, Lisandro Zambenedetti Granville, Cíntia Borges Margi

*Corresponding author for this work

    Research output: Contribution to journalArticleAcademicpeer-review

    24 Citations (Scopus)
    39 Downloads (Pure)


    IoT botnets have been used to launch Distributed Denial-of-Service (DDoS) attacks affecting the Internet infrastructure. To protect the Internet from such threats and improve security mechanisms, it is critical to understand the botnets’ intents and characterize their behavior. Current malware analysis solutions, when faced with IoT, present limitations in regard to the network access containment and network traffic manipulation. In this paper, we present an approach for handling the network traffic generated by the IoT malware in an analysis environment. The proposed solution can modify the traffic at the network layer based on the actions performed by the malware. In our study case, we investigated the Mirai and Bashlite botnet families, where it was possible to block attacks to other systems, identify attacks targets, and rewrite botnets commands sent by the botnet controller to the infected devices.

    Original languageEnglish
    Article number727
    JournalSensors (Switzerland)
    Issue number3
    Publication statusPublished - 11 Feb 2019


    • Botnet
    • IoT
    • Malware
    • Malware analysis
    • SDN


    Dive into the research topics of 'Improving IoT Botnet Investigation Using an Adaptive Network Layer'. Together they form a unique fingerprint.

    Cite this