An Automated and Comprehensive Framework for IoT Botnet Detection and Analysis (IoT-BDA) release_7vyksb7sxjgrxevyblzvso564u

by Tolijan Trajanovski, Ning Zhang

Released as an article.

2021  

Abstract

The proliferation of insecure Internet-connected devices has given rise to IoT botnets, which can grow very large rapidly and may perform high-impact cyber-attacks. Related studies on tackling IoT botnets are concerned with either capturing or analysing IoT botnet samples, using honeypots and sandboxes, respectively. The lack of integration between the two implies that the samples captured by the honeypots must be manually submitted for analysis, introducing a delay during which a botnet may change its operation. Furthermore, the effectiveness of the proposed sandboxes is limited by the potential use of anti-analysis techniques and the inability to identify features for effective detection and identification of IoT botnets. In this paper, we propose the IoT-BDA framework for automated capturing, analysis, identification, and reporting of IoT botnets. The captured samples are analysed in real-time to identify indicators of compromise and attack, along with anti-analysis, persistence, and anti-forensics techniques. These features can help botnet detection and analysis, as well as infection remedy. The framework reports the findings to a blacklist and abuse service to facilitate botnet suspension. We also describe the discovered anti-honeypot techniques and the measures applied to reduce the risk of honeypot detection. Over a period of seven months, the framework captured, analysed, and reported 4077 unique IoT botnet samples. The analysis results show that IoT botnets may employ persistence, anti-analysis and anti-forensics techniques typical of traditional botnets. The in-depth analysis also discovered IoT botnets using techniques for evading network detection.

Type  article
Stage   submitted
Date   2021-05-24
Version   v1
Language   en
arXiv  2105.11061v1
Catalog Record
Revision: f561851c-ea49-4dc0-9a27-cb507388de73