Improving IoT Botnet Investigation Using an Adaptive Network Layer

IoT botnets have been used to launch Distributed Denial-of-Service (DDoS) attacks affecting the Internet infrastructure. To protect the Internet from such threats and improve security mechanisms, it is critical to understand the botnets’ intents and characterize their behavior. Current malware analy...

Descripción completa

Detalles Bibliográficos
Autores principales: Ceron, João Marcelo, Steding-Jessen, Klaus, Hoepers, Cristine, Granville, Lisandro Zambenedetti, Margi, Cíntia Borges
Formato: Online Artículo Texto
Lenguaje:English
Publicado: MDPI 2019
Materias:
Article
Acceso en línea:https://www.ncbi.nlm.nih.gov/pmc/articles/PMC6386856/
https://www.ncbi.nlm.nih.gov/pubmed/30754667
http://dx.doi.org/10.3390/s19030727
Descripción
Sumario:IoT botnets have been used to launch Distributed Denial-of-Service (DDoS) attacks affecting the Internet infrastructure. To protect the Internet from such threats and improve security mechanisms, it is critical to understand the botnets’ intents and characterize their behavior. Current malware analysis solutions, when faced with IoT, present limitations in regard to the network access containment and network traffic manipulation. In this paper, we present an approach for handling the network traffic generated by the IoT malware in an analysis environment. The proposed solution can modify the traffic at the network layer based on the actions performed by the malware. In our study case, we investigated the Mirai and Bashlite botnet families, where it was possible to block attacks to other systems, identify attacks targets, and rewrite botnets commands sent by the botnet controller to the infected devices.

Ejemplares similares