عرض بسيط للتسجيلة

المؤلفPour M.S.
المؤلفMangino A.
المؤلفFriday K.
المؤلفRathbun M.
المؤلفBou-Harb E.
المؤلفIqbal F.
المؤلفShaban K.
المؤلفErradi A.
تاريخ الإتاحة2020-04-27T08:34:16Z
تاريخ النشر2019
اسم المنشورACM International Conference Proceeding Series
المصدرScopus
معرّف المصادر الموحدhttp://dx.doi.org/10.1145/3339252.3339272
معرّف المصادر الموحدhttp://hdl.handle.net/10576/14501
الملخصThe insecurity of the Internet-of-Things (IoT) paradigm continues to wreak havoc in consumer and critical infrastructure realms. Several challenges impede addressing IoT security at large, including, the lack of IoT-centric data that can be collected, analyzed and correlated, due to the highly heterogeneous nature of such devices and their widespread deployments in Internet-wide environments. To this end, this paper explores macroscopic, passive empirical data to shed light on this evolving threat phenomena. This not only aims at classifying and inferring Internet-scale compromised IoT devices by solely observing such one-way network traffic, but also endeavors to uncover, track and report on orchestrated "in the wild" IoT botnets. Initially, to prepare the effective utilization of such data, a novel probabilistic model is designed and developed to cleanse such traffic from noise samples (i.e., misconfiguration traffic). Subsequently, several shallow and deep learning models are evaluated to ultimately design and develop a multi-window convolution neural network trained on active and passive measurements to accurately identify compromised IoT devices. Consequently, to infer orchestrated and unsolicited activities that have been generated by well-coordinated IoT botnets, hierarchical agglomerative clustering is deployed by scrutinizing a set of innovative and efficient network feature sets. By analyzing 3.6 TB of recent darknet traffic, the proposed approach uncovers a momentous 440,000 compromised IoT devices and generates evidence-based artifacts related to 350 IoT botnets. While some of these detected botnets refer to previously documented campaigns such as the Hide and Seek, Hajime and Fbot, other events illustrate evolving threats such as those with cryptojacking capabilities and those that are targeting industrial control system communication and control services.
اللغةen
الناشرAssociation for Computing Machinery
الموضوعDeep learning
Internet measurements
Internet-of-Things
IoT botnets
Network security
Network telescopes
العنوانData-driven curation, learning and analysis for inferring evolving IoT botnets in the wild
النوعConference Paper


الملفات في هذه التسجيلة

Thumbnail

هذه التسجيلة تظهر في المجموعات التالية

عرض بسيط للتسجيلة