Many security and privacy concerns plague IoT devices: the presence of legacy devices that no longer receive security updates, the low priority given to security during the development cycle, and the computational expense of implementing conventional cryptography on hardware with limited processing power and memory. As a result, IoT devices are becoming a popular tool for attackers, who exploit them as stepping stones for further attacks and even to compromise large-scale networks. Moreover, IoT devices introduce new privacy concerns for users, since large amounts of user behavioral data are exposed to the internet. Thus, there is increasing interest in studying security and privacy vulnerabilities in the IoT and exploring suitable countermeasures.
My previous research interests spanned next-generation wireless communications, statistical signal processing and image processing. I have worked as a Project Associate in the Multimedia Wireless Networks Lab at the Dept. of Electrical Engineering, IIT Kanpur. Our research there was focused on designing GLRT-based robust spectrum sensing schemes for SC-FDMA Cognitive Radio Systems and investigating their performance through MATLAB simulations.
IoT botnets consisting of at least hundreds of thousands of bots are currently present "in the wild" and are only expected to grow in the future, with the potential to cause significant network downtime and financial losses to network operators. We propose, therefore, to build testbeds for evaluating IoT botnets and to design suitable mitigation techniques against them. A DETERlab-based IoT botnet testbed is presented in this work. The testbed is built in a secure, contained environment and includes ancillary services such as DHCP and DNS as well as botnet infrastructure including CnC and scanListen/loading servers. Developing an IoT botnet testbed presented us with some unique challenges that differ from those encountered in non-IoT botnet testbeds, and we highlight them in this paper. Further, we point out the important features of our testbed and illustrate some of its capabilities through experimental results.
Ref: https://link.springer.com/chapter/10.1007/978-3-030-12971-2_8
In this research, we develop a network-based algorithm that can be used to detect IoT bots infected by Mirai or similar malware in large-scale networks (e.g. an ISP network). The algorithm particularly targets bots scanning the network for vulnerable devices, since the typical scanning phase of a botnet lasts for months and the bots can therefore be detected long before they are involved in an actual attack. We analyze the unique signatures of the Mirai malware to identify its presence in an IoT device. The prospective deployment of our bot detection solution is discussed next, along with the countermeasures that can be taken after detection. Further, to optimize the usage of computational resources, we use a two-dimensional (2D) packet sampling approach, wherein we sample the packets transmitted by IoT devices both across time and across devices. Leveraging the identified Mirai signatures and the 2D packet sampling approach, a bot detection algorithm is proposed. Subsequently, we use testbed measurements and simulations to study the relationship between bot detection delays and the sampling frequencies for device packets. Finally, we derive insights from the obtained results and use them to design our proposed bot detection algorithm.
Ref: https://link.springer.com/chapter/10.1007/978-3-030-12385-7_58
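The following is an added illustration of the 2D packet sampling idea from the abstract above; it is not the paper's algorithm or code. It assumes a simplified scan signature (many distinct destinations on Telnet ports 23/2323, which Mirai's scanner probes) and runs over constructed traffic so that the detection delay can be compared for full versus sparse sampling.

```python
import random
from collections import defaultdict

TELNET_PORTS = {23, 2323}   # ports probed by Mirai's scanner
SCAN_THRESHOLD = 20         # distinct Telnet targets before a device is flagged (assumed)


def make_traffic(n_devices=8, seconds=300, bot=0, scan_rate=10, seed=7):
    """Constructed sample traffic: (t, device, dst_ip, dst_port), one second at a time.
    Benign devices contact a few fixed cloud hosts on 443; the bot sends
    scan_rate SYNs per second to random addresses on 23/2323."""
    rng = random.Random(seed)
    cloud = ["203.0.113.%d" % i for i in range(1, 4)]   # TEST-NET-3 addresses
    pkts = []
    for t in range(seconds):
        for d in range(n_devices):
            if d == bot:
                for _ in range(scan_rate):
                    dst = "%d.%d.%d.%d" % tuple(rng.randrange(1, 224) for _ in range(4))
                    pkts.append((t, d, dst, rng.choice((23, 2323))))
            else:
                pkts.append((t, d, rng.choice(cloud), 443))
    return pkts


def detect(pkts, device_frac=1.0, time_frac=1.0, period=10, seed=1):
    """2D sampling: each `period` seconds a random device_frac subset of devices is
    observed, and each 1-second slot is kept with probability time_frac. Distinct
    Telnet targets are counted per sampled device. Returns (device, delay_seconds)
    for the first device crossing SCAN_THRESHOLD, or None if nothing is flagged."""
    rng = random.Random(seed)
    devices = sorted({d for _, d, _, _ in pkts})
    targets = defaultdict(set)
    chosen, kept_slot, cur_period, cur_t = set(), False, -1, -1
    for t, d, dst, port in pkts:          # pkts are generated in time order
        if t // period != cur_period:     # device-dimension sampling
            cur_period = t // period
            chosen = set(rng.sample(devices, max(1, round(device_frac * len(devices)))))
        if t != cur_t:                    # time-dimension sampling
            cur_t = t
            kept_slot = rng.random() < time_frac
        if not kept_slot or d not in chosen or port not in TELNET_PORTS:
            continue
        targets[d].add(dst)
        if len(targets[d]) >= SCAN_THRESHOLD:
            return d, t + 1               # flagged at the end of second t
    return None
```

With full sampling the bot is flagged after two seconds; halving both sampling fractions cuts the packets inspected roughly fourfold at the cost of a longer delay, which is the trade-off the abstract studies.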
After the Mirai-based DDoS attacks of 2016, which compromised thousands of IoT devices, a host of new malware families built on Mirai's leaked source code and targeting IoT devices have emerged, e.g. Satori, Reaper, Amnesia and Masuta. These malware families exploit software vulnerabilities to infect IoT devices rather than open Telnet ports (as Mirai did), making them more difficult to block using existing solutions such as firewalls. In this research, we present EDIMA, a distributed modular solution that can be used for the detection of IoT malware network activity in large-scale networks (e.g. ISP and enterprise networks) during the scanning/infecting phase rather than during an attack. EDIMA employs machine learning algorithms for classifying edge devices' traffic, a packet traffic feature vector database, a policy module and an optional packet sub-sampling module. We evaluate the classification performance of EDIMA through testbed experiments and present the results obtained.
Ref: https://ieeexplore.ieee.org/document/8767194
In this work, we present a lightweight IoT botnet detection solution, EDIMA, which is designed to be deployed at the edge gateway installed in home networks and targets early detection of botnets prior to the launch of an attack. EDIMA includes a novel two-stage Machine Learning (ML)-based detector developed specifically for IoT bot detection at the edge gateway. The ML-based bot detector first employs supervised ML algorithms for aggregate traffic classification and subsequently Autocorrelation Function (ACF)-based tests to detect individual bots. The EDIMA architecture also comprises a malware traffic database, a policy engine, a feature extractor and a traffic parser. Performance evaluation results using our testbed setup with real-world IoT malware traffic, as well as other public IoT datasets, show that EDIMA achieves high bot scanning and bot-CnC traffic detection accuracies with very low false positive rates. The detection performance is also shown to be robust to an increase in the number of IoT devices connected to the edge gateway where EDIMA is deployed. Further, the runtime performance analysis of a Python implementation of EDIMA deployed on a Raspberry Pi reveals low bot detection delays and low RAM consumption. EDIMA is also shown to outperform existing detection techniques for bot scanning traffic and bot-CnC server communication.
Ref (short version): https://link.springer.com/chapter/10.1007/978-3-030-63095-9_15
PDF: https://arxiv.org/abs/2010.11453