Show simple item record

AuthorPour M.S.
AuthorMangino A.
AuthorFriday K.
AuthorRathbun M.
AuthorBou-Harb E.
AuthorIqbal F.
AuthorShaban K.
AuthorErradi A.
Available date2020-04-27T08:34:16Z
Publication Date2019
Publication NameACM International Conference Proceeding Series
URIhttp://dx.doi.org/10.1145/3339252.3339272
URIhttp://hdl.handle.net/10576/14501
AbstractThe insecurity of the Internet-of-Things (IoT) paradigm continues to wreak havoc in consumer and critical infrastructure realms. Several challenges impede addressing IoT security at large, including, the lack of IoT-centric data that can be collected, analyzed and correlated, due to the highly heterogeneous nature of such devices and their widespread deployments in Internet-wide environments. To this end, this paper explores macroscopic, passive empirical data to shed light on this evolving threat phenomena. This not only aims at classifying and inferring Internet-scale compromised IoT devices by solely observing such one-way network traffic, but also endeavors to uncover, track and report on orchestrated "in the wild" IoT botnets. Initially, to prepare the effective utilization of such data, a novel probabilistic model is designed and developed to cleanse such traffic from noise samples (i.e., misconfiguration traffic). Subsequently, several shallow and deep learning models are evaluated to ultimately design and develop a multi-window convolution neural network trained on active and passive measurements to accurately identify compromised IoT devices. Consequently, to infer orchestrated and unsolicited activities that have been generated by well-coordinated IoT botnets, hierarchical agglomerative clustering is deployed by scrutinizing a set of innovative and efficient network feature sets. By analyzing 3.6 TB of recent darknet traffic, the proposed approach uncovers a momentous 440,000 compromised IoT devices and generates evidence-based artifacts related to 350 IoT botnets. While some of these detected botnets refer to previously documented campaigns such as the Hide and Seek, Hajime and Fbot, other events illustrate evolving threats such as those with cryptojacking capabilities and those that are targeting industrial control system communication and control services.
Languageen
PublisherAssociation for Computing Machinery
SubjectDeep learning
SubjectInternet measurements
SubjectInternet-of-Things
SubjectIoT botnets
SubjectNetwork security
SubjectNetwork telescopes
TitleData-driven curation, learning and analysis for inferring evolving IoT botnets in the wild
TypeConference Paper


Files in this item

Icon

This item appears in the following Collection(s)

Show simple item record