Forensics and Deep Learning Mechanisms for Botnets in Internet of Things: A Survey of Challenges and Solutions

The constant miniaturization of hardware and gains in power efficiency have made it possible to integrate computing into ordinary devices. This trend of augmenting so-called non-intelligent everyday objects with computational and networking capabilities has given rise to the Internet of Things (IoT). With applications ranging from home automation to smart grids, smart cities and critical-infrastructure management, IoT systems make compelling targets for cyber-attacks. To compromise them at scale, adversaries rely on sophisticated, persistent techniques, botnets being one of the most effective: by herding a large number of infected machines (bots), an attacker can both compromise IoT systems and turn them against other targets. Before the IoT emerged, specialized digital forensics mechanisms were developed to investigate botnet activity in small-scale systems. Because IoT-enabled botnets are large, technologically heterogeneous and exploit today's high-speed networks, developing forensic mechanisms capable of investigating IoT botnet activity has become an important challenge in the cyber-security field. Several studies have proposed deep learning as a viable approach to IoT-generated data, since it scales to large volumes of heterogeneous data that require near-real-time processing. In this survey, we review the forensics and deep learning mechanisms used to investigate botnets and their applicability to IoT environments. We propose a new definition of the IoT and a taxonomy of network forensic solutions developed for both conventional and IoT settings. We then examine the applicability of deep learning to network forensics, the inherent challenges of applying network forensics techniques to the IoT, and directions for future research in this field.
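As an added illustration (not code from the survey or from any of the works it reviews), the block below shows two flow-level indicators that a network-forensic mechanism for IoT botnets would compute over exported flow records, periodic check-ins to one host (a command-and-control beacon pattern) and a burst of connections to many distinct hosts (scanning or flooding), together with a hash-chained evidence log so that findings can later be shown not to have been altered after collection. The CSV layout, the addresses, the thresholds and the sample records are all constructed assumptions, not captured traffic.

```python
"""Flow-level botnet indicators with a hash-chained evidence log.

Added illustration, not the survey's code. Assumes flow records already
exported from an IoT gateway as CSV: ts,src,dst,dport,proto,pkts,bytes.
"""
from collections import defaultdict
from dataclasses import dataclass
import hashlib
import json
import statistics


@dataclass(frozen=True)
class Flow:
    ts: float      # flow start, seconds since capture start
    src: str
    dst: str
    dport: int
    proto: str
    pkts: int
    nbytes: int


# Constructed sample log (hypothetical addresses, not captured traffic):
# a camera beaconing to one host every ~60 s, a laptop with irregular HTTPS
# traffic, then the camera probing 40 hosts on port 23 within 8 seconds.
SAMPLE_LOG = "\n".join(
    ["ts,src,dst,dport,proto,pkts,bytes"]
    + [f"{t},192.168.1.20,203.0.113.5,8080,tcp,3,210" for t in (0, 60, 121, 180, 240)]
    + [f"{t},192.168.1.10,93.184.216.34,443,tcp,{p},{b}"
       for t, p, b in ((5, 40, 9000), (17, 12, 3100), (140, 80, 50000), (233, 7, 800))]
    + [f"{300 + 0.2 * i:.1f},192.168.1.20,198.51.100.{i},23,tcp,1,60" for i in range(1, 41)]
)


def parse_flows(text):
    """Parse CSV flow records, skipping the header line."""
    flows = []
    for line in text.splitlines()[1:]:
        ts, src, dst, dport, proto, pkts, nbytes = line.split(",")
        flows.append(Flow(float(ts), src, dst, int(dport), proto, int(pkts), int(nbytes)))
    return flows


def beacon_candidates(flows, min_flows=4, max_cv=0.1):
    """Periodic connections to the same (dst, dport): a C2 check-in pattern.
    Uses the coefficient of variation of inter-flow gaps; near 0 means a timer."""
    groups = defaultdict(list)
    for f in flows:
        groups[(f.src, f.dst, f.dport)].append(f.ts)
    found = {}
    for (src, dst, dport), times in groups.items():
        if len(times) < min_flows:
            continue
        times.sort()
        gaps = [b - a for a, b in zip(times, times[1:])]
        cv = statistics.pstdev(gaps) / statistics.mean(gaps)
        if cv <= max_cv:
            found.setdefault(src, []).append((dst, dport, round(cv, 3)))
    return found


def max_fanout(flows, window=10.0):
    """Largest number of distinct (dst, dport) one source touches within a
    single time window: scanning / flooding behaviour typical of IoT bots."""
    seen = defaultdict(set)
    for f in flows:
        seen[(f.src, int(f.ts // window))].add((f.dst, f.dport))
    result = defaultdict(int)
    for (src, _), targets in seen.items():
        result[src] = max(result[src], len(targets))
    return dict(result)


def assess(flows, fanout_threshold=20):
    """Per-source verdict combining both indicators (thresholds are assumptions)."""
    beacons = beacon_candidates(flows)
    fanout = max_fanout(flows)
    report = {}
    for src in sorted({f.src for f in flows}):
        flags = []
        if src in beacons:
            flags.append("beaconing")
        if fanout.get(src, 0) >= fanout_threshold:
            flags.append("fanout")
        report[src] = {"beacons": beacons.get(src, []),
                       "max_fanout": fanout.get(src, 0), "flags": flags}
    return report


def build_evidence_chain(report):
    """Hash-chain one record per source so later tampering is detectable."""
    chain, prev = [], "0" * 64
    for src, finding in report.items():
        record = {"src": src, **finding}
        digest = hashlib.sha256((prev + json.dumps(record, sort_keys=True)).encode()).hexdigest()
        chain.append({"prev": prev, "record": record, "hash": digest})
        prev = digest
    return chain


def verify_evidence_chain(chain):
    """Recompute every link; any edited record or reordered entry breaks it."""
    prev = "0" * 64
    for entry in chain:
        expected = hashlib.sha256(
            (prev + json.dumps(entry["record"], sort_keys=True)).encode()).hexdigest()
        if entry["prev"] != prev or entry["hash"] != expected:
            return False
        prev = expected
    return True


if __name__ == "__main__":
    print(json.dumps(build_evidence_chain(assess(parse_flows(SAMPLE_LOG))), indent=1))
```

The two indicators are deliberately simple statistics rather than a trained model: they show the kind of per-source features a learning-based detector would consume, and the chained log shows the evidence-handling step that distinguishes a forensic mechanism from plain intrusion detection. On real gateways the flow export would be far larger, so each function is written to work on a single pass over the records.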
