Data-driven curation, learning and analysis for inferring evolving IoT botnets in the wild

Author First name, Last name, Institution

Morteza Safaei Pour, Florida Atlantic University
Antonio Mangino, Florida Atlantic University
Kurt Friday, Florida Atlantic University
Matthias Rathbun, Florida Atlantic University
Elias Bou-Harb, Florida Atlantic University
Farkhund Iqbal, Zayed University
Khaled Shaban, Qatar University
Abdelkarim Erradi, Qatar University

Document Type

Conference Proceeding

Source of Publication

ACM International Conference Proceeding Series

Publication Date

8-26-2019

Abstract

© 2019 Association for Computing Machinery. The insecurity of the Internet-of-Things (IoT) paradigm continues to wreak havoc in consumer and critical infrastructure realms. Several challenges impede addressing IoT security at large, including, the lack of IoT-centric data that can be collected, analyzed and correlated, due to the highly heterogeneous nature of such devices and their widespread deployments in Internet-wide environments. To this end, this paper explores macroscopic, passive empirical data to shed light on this evolving threat phenomena. This not only aims at classifying and inferring Internet-scale compromised IoT devices by solely observing such one-way network traffic, but also endeavors to uncover, track and report on orchestrated “in the wild” IoT botnets. Initially, to prepare the effective utilization of such data, a novel probabilistic model is designed and developed to cleanse such traffic from noise samples (i.e., misconfiguration traffic). Subsequently, several shallow and deep learning models are evaluated to ultimately design and develop a multi-window convolution neural network trained on active and passive measurements to accurately identify compromised IoT devices. Consequently, to infer orchestrated and unsolicited activities that have been generated by well-coordinated IoT botnets, hierarchical agglomerative clustering is deployed by scrutinizing a set of innovative and efficient network feature sets. By analyzing 3.6 TB of recent darknet traffic, the proposed approach uncovers a momentous 440,000 compromised IoT devices and generates evidence-based artifacts related to 350 IoT botnets. While some of these detected botnets refer to previously documented campaigns such as the Hide and Seek, Hajime and Fbot, other events illustrate evolving threats such as those with cryptojacking capabilities and those that are targeting industrial control system communication and control services.

DOI Link

10.1145/3339252.3339272

ISBN

9781450371643

Publisher

Association for Computing Machinery

Disciplines

Computer Sciences

Keywords

Deep learning, Internet measurements, Internet-of-Things, IoT botnets, Network security, Network telescopes

Scopus ID

85071400368

Recommended Citation

Pour, Morteza Safaei; Mangino, Antonio; Friday, Kurt; Rathbun, Matthias; Bou-Harb, Elias; Iqbal, Farkhund; Shaban, Khaled; and Erradi, Abdelkarim, "Data-driven curation, learning and analysis for inferring evolving IoT botnets in the wild" (2019). All Works. 1165.
https://zuscholars.zu.ac.ae/works/1165

Indexed in Scopus

yes

Open Access

yes

Open Access Type

Green: A manuscript of this publication is openly available in a repository