scholarly journals Improving IoT Botnet Investigation Using an Adaptive Network Layer

Sensors ◽  
2019 ◽  
Vol 19 (3) ◽  
pp. 727 ◽  
Author(s):  
João Ceron ◽  
Klaus Steding-Jessen ◽  
Cristine Hoepers ◽  
Lisandro Granville ◽  
Cíntia Margi
Keyword(s):  
Network Traffic ◽  
Denial Of Service ◽  
The Internet ◽  
Malware Analysis ◽  
Distributed Denial Of Service ◽  
Network Access ◽  
Network Layer ◽  
Internet Infrastructure ◽  
Study Case ◽  
Analysis Environment

IoT botnets have been used to launch Distributed Denial-of-Service (DDoS) attacks affecting the Internet infrastructure. To protect the Internet from such threats and improve security mechanisms, it is critical to understand the botnets’ intents and characterize their behavior. Current malware analysis solutions, when faced with IoT, present limitations in regard to the network access containment and network traffic manipulation. In this paper, we present an approach for handling the network traffic generated by the IoT malware in an analysis environment. The proposed solution can modify the traffic at the network layer based on the actions performed by the malware. In our study case, we investigated the Mirai and Bashlite botnet families, where it was possible to block attacks to other systems, identify attacks targets, and rewrite botnets commands sent by the botnet controller to the infected devices.

scholarly journals A Malware Distribution Simulator for the Verification of Network Threat Prevention Tools

Sensors ◽  
2021 ◽  
Vol 21 (21) ◽  
pp. 6983
Author(s):  
Song-Yi Hwang ◽  
Jeong-Nyeo Kim
Keyword(s):  
Denial Of Service ◽  
Malicious Code ◽  
The Internet ◽  
Simulation Tool ◽  
Distributed Denial Of Service ◽  
Network Access ◽  
Ip Address ◽  
Network Equipment ◽  
Low Performance ◽  
Iot Devices

With the expansion of the Internet of Things (IoT), security incidents about exploiting vulnerabilities in IoT devices have become prominent. However, due to the characteristics of IoT devices such as low power and low performance, it is difficult to apply existing security solutions to IoT devices. As a result, IoT devices have easily become targets for cyber attackers, and malware attacks on IoT devices are increasing every year. The most representative is the Mirai malware that caused distributed denial of service (DDoS) attacks by creating a massive IoT botnet. Moreover, Mirai malware has been released on the Internet, resulting in increasing variants and new malicious codes. One of the ways to mitigate distributed denial of service attacks is to render the creation of massive IoT botnets difficult by preventing the spread of malicious code. For IoT infrastructure security, security solutions are being studied to analyze network packets going in and out of IoT infrastructure to detect threats, and to prevent the spread of threats within IoT infrastructure by dynamically controlling network access to maliciously used IoT devices, network equipment, and IoT services. However, there is a great risk to apply unverified security solutions to real-world environments. In this paper, we propose a malware simulation tool that scans vulnerable IoT devices assigned a private IP address, and spreads malicious code within IoT infrastructure by injecting malicious code download command into vulnerable devices. The malware simulation tool proposed in this paper can be used to verify the functionality of network threat detection and prevention solutions.

scholarly journals Analisa Real-Time Data log honeypot menggunakan Algoritma K-Means pada serangan Distributed Denial of Service

Repositor ◽  
2020 ◽  
Vol 2 (5) ◽  
pp. 541
Author(s):  
Denni Septian Hermawan ◽  
Syaifuddin Syaifuddin ◽  
Diah Risqiwati
Keyword(s):  
Real Time ◽  
Data Storage ◽  
Denial Of Service ◽  
The Internet ◽  
Distributed Denial Of Service ◽  
Time Data ◽  
Local Networks ◽  
Real Time Data ◽  
Internet Networks ◽  
Data Log

AbstrakJaringan internet yang saat ini di gunakan untuk penyimpanan data atau halaman informasi pada website menjadi rentan terhadap serangan, untuk meninkatkan keamanan website dan jaringannya, di butuhkan honeypot yang mampu menangkap serangan yang di lakukan pada jaringan lokal dan internet. Untuk memudahkan administrator mengatasi serangan digunakanlah pengelompokan serangan dengan metode K-Means untuk mengambil ip penyerang. Pembagian kelompok pada titik cluster akan menghasilkan output ip penyerang.serangan di ambil sercara realtime dari log yang di miliki honeypot dengan memanfaatkan MHN.Abstract The number of internet networks used for data storage or information pages on the website is vulnerable to attacks, to secure the security of their websites and networks, requiring honeypots that are capable of capturing attacks on local networks and the internet. To make it easier for administrators to tackle attacks in the use of attacking groupings with the K-Means method to retrieve the attacker ip. Group divisions at the cluster point will generate the ip output of the attacker. The strike is taken as realtime from the logs that have honeypot by utilizing the MHN.

Cluster-Based Countermeasures for DDoS Attacks

2016 ◽  
pp. 206-227
Author(s):  
Mohammad Jabed Morshed Chowdhury ◽  
Dileep Kumar G
Keyword(s):  
Unsupervised Learning ◽  
Network Traffic ◽  
Denial Of Service ◽  
Security Threats ◽  
Distributed Denial Of Service ◽  
Ddos Attacks ◽  
Ddos Attack ◽  
Real Progress ◽  
Bandwidth Capacity

Distributed Denial of Service (DDoS) attack is considered one of the major security threats in the current Internet. Although many solutions have been suggested for the DDoS defense, real progress in fighting those attacks is still missing. In this chapter, the authors analyze and experiment with cluster-based filtering for DDoS defense. In cluster-based filtering, unsupervised learning is used to create profile of the network traffic. Then the profiled traffic is passed through the filters of different capacity to the servers. After applying this mechanism, the legitimate traffic will get better bandwidth capacity than the malicious traffic. Thus the effect of bad or malicious traffic will be lesser in the network. Before describing the proposed solutions, a detail survey of the different DDoS countermeasures have been presented in the chapter.

Network Worms

2011 ◽  
pp. 2783-2788
Author(s):  
Thomas M. Chen ◽  
Greg W. Tally
Keyword(s):  
Denial Of Service ◽  
Human Action ◽  
Network Services ◽  
The Internet ◽  
Distributed Denial Of Service ◽  
Functional Perspective ◽  
Internet Users ◽  
Confidential Data ◽  
Self Replication ◽  
E Mail

Internet users are currently plagued by an assortment of malicious software (malware). The Internet provides not only connectivity for network services such as e-mail and Web browsing, but also an environment for the spread of malware between computers. Users can be affected even if their computers are not vulnerable to malware. For example, fast-spreading worms can cause widespread congestion that will bring down network services. Worms and viruses are both common types of self-replicating malware but differ in their method of replication (Grimes, 2001; Harley, Slade, & Gattiker, 2001; Szor, 2005). A computer virus depends on hijacking control of another (host) program to attach a copy of its virus code to more files or programs. When the newly infected program is executed, the virus code is also executed. In contrast, a worm is a standalone program that does not depend on other programs (Nazario, 2004). It replicates by searching for vulnerable targets through the network, and attempts to transfer a copy of itself. Worms are dependent on the network environment to spread. Over the years, the Internet has become a fertile environment for worms to thrive. The constant exposure of computer users to worm threats from the Internet is a major concern. Another concern is the possible rate of infection. Because worms are automated programs, they can spread without any human action. The fastest time needed to infect a majority of Internet users is a matter of speculation, but some worry that a new worm outbreak could spread through the Internet much faster than defenses could detect and block it. The most reliable defenses are based on attack signatures. If a new worm does not have an existing signature, it could have some time to spread unhindered and complete its damage before a signature can be devised for it. Perhaps a greater concern about worms is their role as vehicles for delivery of other malware in their payload. Once a worm has compromised a host victim, it can execute any payload. Historical examples of worms have included: • Trojan horses: Software with a hidden malicious function, for example, to steal confidential data or open a backdoor; • Droppers: Designed to facilitate downloading of other malware; • Bots: Software to listen covertly for and execute remote commands, for example, to send spam or carry out a distributed denial of service (DDoS) attack. These types of malware are not able to spread by themselves, and therefore take advantage of the self-replication characteristic of worms to spread. This article presents a review of the historical development of worms, and an overview of worm anatomy from a functional perspective.

Booters: can anything justify distributed denial-of-service (DDoS) attacks for hire?

2017 ◽  
Vol 15 (01) ◽  
pp. 90-104 ◽  
Author(s):  
David Douglas ◽  
José Jair Santanna ◽  
Ricardo de Oliveira Schmidt ◽  
Lisandro Zambenedetti Granville ◽  
Aiko Pras
Keyword(s):  
Heavy Traffic ◽  
Denial Of Service ◽  
Civil Disobedience ◽  
Third Party ◽  
The Internet ◽  
Distributed Denial Of Service ◽  
Ddos Attacks ◽  
Law Enforcement Agencies ◽  
Content Type ◽  
Testing Tools

Purpose This paper aims to examine whether there are morally defensible reasons for using or operating websites (called ‘booters’) that offer distributed denial-of-service (DDoS) attacks on a specified target to users for a price. Booters have been linked to some of the most powerful DDoS attacks in recent years. Design/methodology/approach The authors identify the various parties associated with booter websites and the means through which booters operate. Then, the authors present and evaluate the two arguments that they claim may be used to justify operating and using booters: that they are a useful tool for testing the ability of networks and servers to handle heavy traffic, and that they may be used to perform DDoS attacks as a form of civil disobedience on the internet. Findings The authors argue that the characteristics of existing booters disqualify them from being morally justified as network stress testing tools or as a means of performing civil disobedience. The use of botnets that include systems without the permission of their owners undermines the legitimacy of both justifications. While a booter that does not use any third-party systems without permission might in principle be justified under certain conditions, the authors argue that it is unlikely that any existing booters meet these requirements. Practical/implications Law enforcement agencies may use the arguments presented here to justify shutting down the operation of booters, and so reduce the number of DDoS attacks on the internet. Originality/value The value of this work is in critically examining the potential justifications for using and operating booter websites and in further exploring the ethical aspects of using DDoS attacks as a form of civil disobedience.

scholarly journals DDoS-Capable IoT Malwares: Comparative Analysis and Mirai Investigation

2018 ◽  
Vol 2018 ◽  
pp. 1-30 ◽  
Author(s):  
Michele De Donno ◽  
Nicola Dragoni ◽  
Alberto Giaretta ◽  
Angelo Spognardi
Keyword(s):  
Comparative Analysis ◽  
Internet Of Things ◽  
Detailed Analysis ◽  
Real World ◽  
General Framework ◽  
Denial Of Service ◽  
The Internet ◽  
Distributed Denial Of Service ◽  
Ddos Attacks ◽  
The Internet Of Things

The Internet of Things (IoT) revolution has not only carried the astonishing promise to interconnect a whole generation of traditionally “dumb” devices, but also brought to the Internet the menace of billions of badly protected and easily hackable objects. Not surprisingly, this sudden flooding of fresh and insecure devices fueled older threats, such as Distributed Denial of Service (DDoS) attacks. In this paper, we first propose an updated and comprehensive taxonomy of DDoS attacks, together with a number of examples on how this classification maps to real-world attacks. Then, we outline the current situation of DDoS-enabled malwares in IoT networks, highlighting how recent data support our concerns about the growing in popularity of these malwares. Finally, we give a detailed analysis of the general framework and the operating principles of Mirai, the most disruptive DDoS-capable IoT malware seen so far.

scholarly journals Anomaly Detection in Distributed Denial of Service Attack using Map Reduce Improvised Counter Based Algorithm in Hadoop

2019 ◽  
Vol 8 (4) ◽  
pp. 4668-4671
Keyword(s):  
Intrusion Detection ◽  
Anomaly Detection ◽  
Network Traffic ◽  
Intrusion Detection System ◽  
Detection System ◽  
Denial Of Service ◽  
Map Reduce ◽  
Distributed Denial Of Service ◽  
Unusual Pattern ◽  
Denial Of Service Attack

A Distributed denial of Service attacks(DDoS) is one of the major threats in the cyber network and it attacks the computers flooded with the Users Data Gram packet. These types of attacks causes major problem in the network in the form of crashing the system with large volume of traffic to attack the victim and make the victim idle in which not responding the requests. To detect this DDOS attack traditional intrusion detection system is not suitable to handle huge volume of data. Hadoop is a frame work which handles huge volume of data and is used to process the data to find any malicious activity in the data. In this research paper anomaly detection technique is implemented in Map Reduce Algorithm which detects the unusual pattern of data in the network traffic. To design a proposed model, Map Reduce platform is used to hold the improvised algorithm which detects the (DDoS) attacks by filtering and sorting the network traffic and detects the unusual pattern from the network. Improvised Map reduce algorithm is implemented with Map Reduce functionalities at the stage of verifying the network IPS. This Proposed algorithm focuses on the UDP flooding attack using Anomaly based Intrusion detection system technique which detects kind of pattern and flow of packets in the node is more than the threshold and also identifies the source code causing UDP Flood Attack.

scholarly journals Preventing & Isolating Distributed Denial of Service (DDOS) attack in Wireless Mesh Networks (WMN's)

2019 ◽  
Vol 8 (9S) ◽  
pp. 447-454
Keyword(s):  
Wireless Mesh Networks ◽  
Shortest Path ◽  
Mesh Networks ◽  
Denial Of Service ◽  
The Internet ◽  
Covert Channel ◽  
Distributed Denial Of Service ◽  
Application Layer ◽  
Ddos Attack ◽  
Wireless Mesh

Wireless Mesh networks (WMN’s) are prone to a number of attacks & these attacks compromise the security of these networks. Attaining security in these networks is a challenging task. It is logical to consider that there are many types of scripts in the internet. The virus can either be a key logger or somebody else's mischief. With this script we can steal any information. Since the existence of virus cannot be ignored, therefore the authors have tried to present their work on first detecting it and later on fixing it. With the help of different protocols present in the Application Layer, a hacker takes information out of the script. The authors have used Covert Channel, which has been mentioned in many essays. Now with the help of this channel, the information will go to all and it will not go to any of the informatics. This research proposal envisions a methodology to first detect the selfish node in the network & later on provides a technique for mitigation of the same.NS2 simulator has been used to simulate & analyze the performance of our proposed methodology for Open Shortest Path First (OSPF) protocol in WMN’s.

Sign in / Sign up

Export Citation Format

Share Document