Detecting and confronting flash attacks from IoT botnets

Gone are the days when cloud providers were attacked by flash crowds causing a DoS or malware running on a very large number of servers creating a DDoS. As the number of IoT devices connected to the Internet steadily increases, the cloud faces threats of flash crowds of IoT botnets controlled by malware such as Mirai, Bashlite and cryptojacking. In this paper, we propose and implement an adaptive filter that curtails DDoS attacks from a variety of compromised IoT bots. Experiments show that IoT botnets can be detected with an accuracy rate of 99.69% and cryptojacking with a misclassification rate of 1.5%. The performance of the proposed adaptive filter is tested on the Amazon public cloud platform, and the results show that the adaptive filter can significantly reduce illegitimate botnet requests from variants such as FBOT, ARIS, EXIENDO and APEP, and can reduce instance processing time by 19%, connection time by 34% and waiting time by 18%.
