Improving IoT Botnet Investigation Using an Adaptive Network Layer
AbstractIoT botnets have been used to launch Distributed Denial-of-Service (DDoS) attacks affecting the Internet infrastructure. To protect the Internet from such threats and improve security mechanisms, it is critical to understand the botnets’ intents and characterize their behavior. Current malware analysis solutions, when faced with IoT, present limitations in regard to the network access containment and network traffic manipulation. In this paper, we present an approach for handling the network traffic generated by the IoT malware in an analysis environment. The proposed solution can modify the traffic at the network layer based on the actions performed by the malware. In our study case, we investigated the Mirai and Bashlite botnet families, where it was possible to block attacks to other systems, identify attacks targets, and rewrite botnets commands sent by the botnet controller to the infected devices. View Full-Text
Share & Cite This Article
Ceron, J.M.; Steding-Jessen, K.; Hoepers, C.; Granville, L.Z.; Margi, C.B. Improving IoT Botnet Investigation Using an Adaptive Network Layer. Sensors 2019, 19, 727.
Ceron JM, Steding-Jessen K, Hoepers C, Granville LZ, Margi CB. Improving IoT Botnet Investigation Using an Adaptive Network Layer. Sensors. 2019; 19(3):727.Chicago/Turabian Style
Ceron, João M.; Steding-Jessen, Klaus; Hoepers, Cristine; Granville, Lisandro Z.; Margi, Cíntia B. 2019. "Improving IoT Botnet Investigation Using an Adaptive Network Layer." Sensors 19, no. 3: 727.
Note that from the first issue of 2016, MDPI journals use article numbers instead of page numbers. See further details here.