Improving IoT Botnet Investigation Using an Adaptive Network Layer

João Marcelo Ceron* (Corresponding Author), Klaus Steding-Jessen, Cristine Hoepers, Lisandro Zambenedetti Granville, Cíntia Borges Margi

*Corresponding author for this work

    Research output: Contribution to journalArticleAcademicpeer-review

    7 Citations (Scopus)
    20 Downloads (Pure)

    Abstract

    IoT botnets have been used to launch Distributed Denial-of-Service (DDoS) attacks affecting the Internet infrastructure. To protect the Internet from such threats and improve security mechanisms, it is critical to understand the botnets’ intents and characterize their behavior. Current malware analysis solutions, when faced with IoT, present limitations in regard to the network access containment and network traffic manipulation. In this paper, we present an approach for handling the network traffic generated by the IoT malware in an analysis environment. The proposed solution can modify the traffic at the network layer based on the actions performed by the malware. In our study case, we investigated the Mirai and Bashlite botnet families, where it was possible to block attacks to other systems, identify attacks targets, and rewrite botnets commands sent by the botnet controller to the infected devices.

    Original languageEnglish
    Article number727
    JournalSensors (Switzerland)
    Volume19
    Issue number3
    DOIs
    Publication statusPublished - 11 Feb 2019

      Fingerprint

    Keywords

    • Botnet
    • IoT
    • Malware
    • Malware analysis
    • SDN

    Cite this

    Ceron, J. M., Steding-Jessen, K., Hoepers, C., Granville, L. Z., & Margi, C. B. (2019). Improving IoT Botnet Investigation Using an Adaptive Network Layer. Sensors (Switzerland), 19(3), [727]. https://doi.org/10.3390/s19030727