Next Article in Journal
Establishment and Verification of the Cutting Grinding Force Model for the Disc Wheel Based on Piezoelectric Sensors
Previous Article in Journal
Enhanced Hydrogen Detection in ppb-Level by Electrospun SnO2-Loaded ZnO Nanofibers
Previous Article in Special Issue
Tell the Device Password: Smart Device Wi-Fi Connection Based on Audio Waves
Article Menu
Issue 3 (February-1) cover image

Export Article

Open AccessArticle
Sensors 2019, 19(3), 727;

Improving IoT Botnet Investigation Using an Adaptive Network Layer

DACS, University of Twente, 7522 NB Enschede, The Netherlands
2, Brazilian National Computer Emergency Response Team, Brazil, São Paulo 05801-000, Brazil
UFRGS, Federal University of Rio Grande do Sul, Porto Alegre 91501-970, Brazil
USP, University of São Paulo, São Paulo 05508-010, Brazil
Author to whom correspondence should be addressed.
Received: 25 December 2018 / Revised: 28 January 2019 / Accepted: 29 January 2019 / Published: 11 February 2019
(This article belongs to the Special Issue Threat Identification and Defence for Internet-of-Things)
Full-Text   |   PDF [685 KB, uploaded 11 February 2019]   |  


IoT botnets have been used to launch Distributed Denial-of-Service (DDoS) attacks affecting the Internet infrastructure. To protect the Internet from such threats and improve security mechanisms, it is critical to understand the botnets’ intents and characterize their behavior. Current malware analysis solutions, when faced with IoT, present limitations in regard to the network access containment and network traffic manipulation. In this paper, we present an approach for handling the network traffic generated by the IoT malware in an analysis environment. The proposed solution can modify the traffic at the network layer based on the actions performed by the malware. In our study case, we investigated the Mirai and Bashlite botnet families, where it was possible to block attacks to other systems, identify attacks targets, and rewrite botnets commands sent by the botnet controller to the infected devices. View Full-Text
Keywords: malware; IoT; botnet; malware analysis; SDN malware; IoT; botnet; malware analysis; SDN

Figure 1

This is an open access article distributed under the Creative Commons Attribution License which permits unrestricted use, distribution, and reproduction in any medium, provided the original work is properly cited (CC BY 4.0).

Share & Cite This Article

MDPI and ACS Style

Ceron, J.M.; Steding-Jessen, K.; Hoepers, C.; Granville, L.Z.; Margi, C.B. Improving IoT Botnet Investigation Using an Adaptive Network Layer. Sensors 2019, 19, 727.

Show more citation formats Show less citations formats

Note that from the first issue of 2016, MDPI journals use article numbers instead of page numbers. See further details here.

Related Articles

Article Metrics

Article Access Statistics



[Return to top]
Sensors EISSN 1424-8220 Published by MDPI AG, Basel, Switzerland RSS E-Mail Table of Contents Alert
Back to Top