
Detecting and confronting flash attacks from IoT botnets

The Journal of Supercomputing

Abstract

The days when cloud providers were threatened chiefly by flash crowds causing a DoS, or by malware running on a very large number of servers creating a DDoS, are gone. As the number of IoT devices connected to the Internet steadily increases, the cloud instead faces flash crowds of IoT bots under the control of malware such as Mirai and Bashlite, and of cryptojacking malware. In this paper, we propose and implement an adaptive filter that curtails DDoS attacks from a variety of compromised IoT bots. Experiments show that IoT botnets can be detected with an accuracy of 99.69% and cryptojacking with a misclassification rate of 1.5%. The performance of the proposed adaptive filter is evaluated on the Amazon public cloud platform; the results show that it significantly reduces illegitimate botnet requests from variants such as FBOT, ARIS, EXIENDO and APEP, and cuts instance processing time by 19%, connection time by 34% and waiting time by 18%.
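As an added illustration, not code from the paper (whose filter internals the abstract does not describe), the following Python builds a simple adaptive admission filter of the kind the abstract refers to and scores it with the same two metrics, accuracy and misclassification rate. The design, the names (AdaptiveFilter, generate_traffic, evaluate, run_demo), the constants and the traffic sample are all constructed assumptions: every source is held to a per-source request limit that tightens as aggregate load exceeds a capacity constant, and a source over that limit is dropped only when its inter-arrival times are near-constant, which is what separates a scripted bot flood from a jittery, human flash crowd.

```python
"""Adaptive admission filter that separates an IoT-bot flood from a flash crowd.

Added example for this page, NOT the paper's filter (the abstract does not give
its internals). Class, function and constant names, thresholds and the traffic
sample are all constructed assumptions.
"""
import random
import statistics
from collections import defaultdict, deque

WINDOW = 1.0       # seconds of history behind every rate estimate (assumption)
CAPACITY = 300.0   # requests/s the service can absorb (assumption)
BASE_LIMIT = 10.0  # per-source req/s tolerated when not overloaded (assumption)
MIN_GAPS = 8       # inter-arrival samples needed before judging regularity
CV_BOT = 0.25      # coefficient of variation below this looks machine-driven


class AdaptiveFilter:
    """Drop a request when its source is over the current per-source limit AND
    sends at a near-constant cadence. The limit shrinks in proportion to how
    far aggregate load exceeds CAPACITY, so the filter tightens during a flood
    but leaves a merely busy (jittery, human) flash crowd admitted."""

    def __init__(self):
        self.recent_all = deque()                          # timestamps in WINDOW, all sources
        self.recent_src = defaultdict(deque)               # timestamps in WINDOW, per source
        self.gaps = defaultdict(lambda: deque(maxlen=20))  # last inter-arrival gaps per source
        self.last_ts = {}

    @staticmethod
    def _trim(dq, now):
        while dq and now - dq[0] > WINDOW:
            dq.popleft()

    def current_limit(self):
        aggregate = len(self.recent_all) / WINDOW
        scale = min(1.0, CAPACITY / aggregate) if aggregate > 0 else 1.0
        return BASE_LIMIT * scale

    def observe(self, ts, src):
        """Record one request; return True to admit it, False to drop it."""
        self.recent_all.append(ts)
        self._trim(self.recent_all, ts)
        per = self.recent_src[src]
        per.append(ts)
        self._trim(per, ts)
        if src in self.last_ts:
            self.gaps[src].append(ts - self.last_ts[src])
        self.last_ts[src] = ts

        rate = len(per) / WINDOW
        gaps = self.gaps[src]
        if rate <= self.current_limit() or len(gaps) < MIN_GAPS:
            return True
        mean = statistics.fmean(gaps)
        cv = statistics.pstdev(gaps) / mean if mean > 0 else 0.0
        return cv >= CV_BOT    # jittery traffic is a crowd, not a bot


def generate_traffic(rng, users=30, bots=10, duration=5.0):
    """Constructed sample: flash-crowd users at 1-3 req/s with exponential
    gaps, bots at 50 req/s with +/-5% jitter. Returns sorted (ts, src, is_bot)."""
    events = []
    for i in range(users):
        t, rate = rng.uniform(0.0, 0.5), rng.uniform(1.0, 3.0)
        while t < duration:
            events.append((t, f"user{i}", False))
            t += rng.expovariate(rate)
    for i in range(bots):
        t, gap = rng.uniform(0.0, 0.5), 1.0 / 50.0
        while t < duration:
            events.append((t, f"bot{i}", True))
            t += gap * rng.uniform(0.95, 1.05)
    events.sort()
    return events


def evaluate(events):
    """Replay events through a fresh filter and score per-source verdicts
    (a source is called a bot if more than half its requests were dropped).
    Returns (accuracy, misclassification_rate, verdicts)."""
    filt = AdaptiveFilter()
    seen, dropped, truth = defaultdict(int), defaultdict(int), {}
    for ts, src, is_bot in events:
        truth[src] = is_bot
        seen[src] += 1
        if not filt.observe(ts, src):
            dropped[src] += 1
    verdicts = {s: dropped[s] / seen[s] > 0.5 for s in seen}
    correct = sum(verdicts[s] == truth[s] for s in seen)
    accuracy = correct / len(seen)
    return accuracy, 1.0 - accuracy, verdicts


def run_demo(seed=7, bots=10):
    """Deterministic end-to-end run on the constructed traffic."""
    return evaluate(generate_traffic(random.Random(seed), bots=bots))


if __name__ == "__main__":
    acc, mis, verdicts = run_demo()
    print(f"accuracy={acc:.2%}  misclassification={mis:.2%}")
    print("flagged as bots:", sorted(s for s, v in verdicts.items() if v))
```

Two points worth noting when reading figures like the 99.69% and 1.5% above: the verdict here is per source rather than per request, since one dropped request from a legitimate user does not make that user a misclassification, and accuracy and misclassification rate are complements of one another, so both depend on the bot-to-user mix in the evaluation set. Running run_demo with bots=0 is the flash-crowd-only check: a filter that blocks users under pure crowd load would be useless even with perfect bot recall.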




Acknowledgements

I acknowledge all the anonymous reviewers for providing their valuable comments which helped in enhancing the quality of the work.

Author information

Corresponding author

Correspondence to C. U. Om Kumar.

Additional information

Publisher's Note

Springer Nature remains neutral with regard to jurisdictional claims in published maps and institutional affiliations.

About this article

Cite this article

Om Kumar, C.U., Sathia Bhama, P.R.K. Detecting and confronting flash attacks from IoT botnets. J Supercomput 75, 8312–8338 (2019). https://doi.org/10.1007/s11227-019-03005-2
