Improving IoT Botnet Investigation Using an Adaptive Network Layer

João Marcelo Ceron (Corresponding Author), Klaus Steding-Jessen, Cristine Hoepers, Lisandro Zambenedetti Granville, Cíntia Borges Margi

Research output: Contribution to journal, Article, Academic, peer-review

Abstract

IoT botnets have been used to launch Distributed Denial-of-Service (DDoS) attacks affecting the Internet infrastructure. To protect the Internet from such threats and improve security mechanisms, it is critical to understand the botnets' intents and characterize their behavior. Current malware analysis solutions, when faced with IoT, present limitations with regard to network access containment and network traffic manipulation. In this paper, we present an approach for handling the network traffic generated by IoT malware in an analysis environment. The proposed solution can modify the traffic at the network layer based on the actions performed by the malware. In our case study, we investigated the Mirai and Bashlite botnet families, where it was possible to block attacks on other systems, identify attack targets, and rewrite botnet commands sent by the botnet controller to the infected devices.

Original language: English
Article number: 727
Journal: Sensors (Switzerland)
Volume: 19
Issue number: 3
DOIs: https://doi.org/10.3390/s19030727
Publication status: Published - 11 Feb 2019

Keywords

  • Botnet
  • IoT
  • Malware
  • Malware analysis
  • SDN

Cite this

Ceron, J. M., Steding-Jessen, K., Hoepers, C., Granville, L. Z., & Margi, C. B. (2019). Improving IoT Botnet Investigation Using an Adaptive Network Layer. Sensors (Switzerland), 19(3), [727]. https://doi.org/10.3390/s19030727
@article{a1454a18c3c14a4594ff8f5700dbd061,
title = "Improving IoT Botnet Investigation Using an Adaptive Network Layer",
keywords = "Botnet, IoT, Malware, Malware analysis, SDN",
author = "Ceron, {Jo{\~a}o Marcelo} and Klaus Steding-Jessen and Cristine Hoepers and Granville, {Lisandro Zambenedetti} and Margi, {C{\'i}ntia Borges}",
year = "2019",
month = "2",
day = "11",
doi = "10.3390/s19030727",
language = "English",
volume = "19",
journal = "Sensors (Switzerland)",
issn = "1424-8220",
publisher = "Multidisciplinary Digital Publishing Institute",
number = "3",

}
