Abstract
The days when a cloud provider's main availability threat was a flash crowd of legitimate users causing a DoS, or malware running on a large number of servers mounting a DDoS, are over. As the number of IoT devices connected to the Internet steadily increases, the cloud now faces flash-crowd-sized floods from IoT botnets controlled by malware families such as Mirai and Bashlite, and from cryptojacking malware. In this paper we propose and implement an adaptive filter that curtails DDoS attacks from a variety of compromised IoT bots. Experiments show that IoT botnet traffic can be detected with an accuracy of 99.69% and cryptojacking with a misclassification rate of 1.5%. The performance of the proposed adaptive filter is evaluated on the Amazon public cloud platform; the results show that the filter significantly reduces illegitimate botnet requests from variants such as FBOT, ARIS, EXIENDO and APEP, and reduces instance processing time by 19%, connection time by 34% and waiting time by 18%.
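The abstract describes the adaptive filter only by its effect. As an added illustration (not the authors' filter or code), the Python below sketches one way such a filter can separate a flash crowd from an IoT botnet flood: it tightens a per-source request budget as aggregate load exceeds instance capacity, and treats a source as botnet-like when it exceeds that budget with machine-regular inter-arrival timing, while irregular, human-like sources are cut off only above a hard cap. The capacity, thresholds, window length and traffic samples are constructed assumptions; the botnet variants named in the abstract are not modelled, only a generic periodic flood.

```python
"""Illustrative adaptive request filter (added example; not the paper's code).

Assumed model: a flash crowd is many distinct sources, each sending a few
requests at irregular, human-like intervals; an IoT botnet is comparatively
few sources each sending many requests at machine-regular intervals.
The per-source budget shrinks as aggregate load exceeds capacity, but an
irregular source is only cut off above a hard cap, so flash crowds survive.
"""
from collections import defaultdict
from dataclasses import dataclass
from statistics import mean, pstdev


@dataclass(frozen=True)
class Request:
    ts: float   # arrival time in seconds
    src: str    # client address


def per_source_stats(requests):
    """Return {src: (count, cv)}; cv is the coefficient of variation of the
    inter-arrival gaps (~0.0 for periodic traffic, None if fewer than 3 hits)."""
    by_src = defaultdict(list)
    for r in requests:
        by_src[r.src].append(r.ts)
    stats = {}
    for src, times in by_src.items():
        times.sort()
        gaps = [b - a for a, b in zip(times, times[1:])]
        cv = None
        if len(gaps) >= 2 and mean(gaps) > 0:
            cv = pstdev(gaps) / mean(gaps)
        stats[src] = (len(times), cv)
    return stats


class AdaptiveFilter:
    def __init__(self, capacity_rps, base_rps=1.0, hard_cap_mult=10.0, regular_cv=0.2):
        self.capacity_rps = capacity_rps    # assumed: what one instance can serve
        self.base_rps = base_rps            # per-source budget at normal load
        self.hard_cap_mult = hard_cap_mult  # abusive regardless of timing pattern
        self.regular_cv = regular_cv        # below this, timing looks scripted

    def budget(self, total_rps):
        """Per-source budget; tightens once aggregate load exceeds capacity."""
        load = total_rps / self.capacity_rps
        return self.base_rps if load <= 1.0 else self.base_rps / load

    def decide(self, requests, window_s):
        """Return (blocked_sources, passed_requests) for one observation window."""
        total_rps = len(requests) / window_s
        budget = self.budget(total_rps)
        blocked = set()
        for src, (count, cv) in per_source_stats(requests).items():
            rps = count / window_s
            scripted = cv is not None and cv < self.regular_cv
            if rps > self.base_rps * self.hard_cap_mult:
                blocked.add(src)            # abusive no matter how irregular
            elif rps > budget and scripted:
                blocked.add(src)            # over budget and machine-regular
        passed = [r for r in requests if r.src not in blocked]
        return blocked, passed


# ---- constructed sample traffic (not captured data) ----
def bot_traffic(src, n=50, period=0.2):
    """Periodic flood from one compromised device: n hits every `period` s."""
    return [Request(i * period, src) for i in range(n)]


def human_traffic(src, offset):
    """A handful of page loads at irregular intervals."""
    gaps = [0.0, 1.1, 2.7, 0.6]
    t, out = offset, []
    for g in gaps:
        t += g
        out.append(Request(t, src))
    return out


def scenario_flash_crowd(n_users=100):
    """Legitimate surge: 100 users x 4 requests in a 10 s window (40 rps)."""
    reqs = []
    for i in range(n_users):
        reqs += human_traffic(f"192.0.2.{i}", offset=0.05 * i)
    return reqs


def scenario_botnet_plus_users(n_bots=2, n_users=30):
    """Two periodic bots (5 rps each) mixed with 30 ordinary users."""
    reqs = [r for b in range(n_bots) for r in bot_traffic(f"10.0.0.{b + 1}")]
    reqs += scenario_flash_crowd(n_users)
    return reqs


def demo(capacity_rps=15.0, window_s=10.0):
    """Run both scenarios through the filter and report what it did."""
    f = AdaptiveFilter(capacity_rps=capacity_rps)
    crowd_blocked, crowd_passed = f.decide(scenario_flash_crowd(), window_s)
    mix_blocked, mix_passed = f.decide(scenario_botnet_plus_users(), window_s)
    return {
        "crowd_blocked": sorted(crowd_blocked), "crowd_passed": len(crowd_passed),
        "mix_blocked": sorted(mix_blocked), "mix_passed": len(mix_passed),
    }


if __name__ == "__main__":
    print(demo())
```

In the flash-crowd scenario the load (40 rps against an assumed 15 rps capacity) drives the per-source budget below what each user sends, yet nobody is blocked because their timing is irregular and far under the hard cap; in the mixed scenario only the two periodic sources are dropped and all 120 user requests pass. A bot that jitters its inter-arrival times defeats the regularity test, which is why the hard cap exists and why a deployment would pair a filter like this with a trained classifier of the kind the paper evaluates.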
Acknowledgements
I acknowledge all the anonymous reviewers for providing their valuable comments which helped in enhancing the quality of the work.
About this article
Cite this article
Om Kumar, C.U., Sathia Bhama, P.R.K. Detecting and confronting flash attacks from IoT botnets. J Supercomput 75, 8312–8338 (2019). https://doi.org/10.1007/s11227-019-03005-2