Abstract
The huge number of deployed Internet of Things (IoT) devices, combined with the evolution of technologies such as machine learning, embedded systems, and cloud- and edge-based services, has resulted in complex, dynamic IoT networks. These networks are, however, increasingly a target of attacks and breaches. Recent progress in artificial intelligence can lead to effective security solutions, but designing such AI-based solutions requires an analysis of the structure and kill chain of IoT attacks. The IoT network attack surface is complex and heterogeneous: devices differ in function, protocol, architecture, and manufacturer, and they operate with deeply intertwined physical and software components. As a result, the structure of an attack on an IoT network differs from that of attacks in traditional network settings, so conventional kill chains cannot be applied directly to classify such attacks. In this chapter, we survey the types of IoT attacks and malware observed in recent years. We then propose a new classification structured specifically for IoT attacks and malware, with respect to which effective AI-based security solutions can be designed.
© 2021 The Author(s), under exclusive license to Springer Nature Singapore Pte Ltd.
Cite this chapter
Mudgerikar, A., Bertino, E. (2021). IoT Attacks and Malware. In: Chen, X., Susilo, W., Bertino, E. (eds) Cyber Security Meets Machine Learning. Springer, Singapore. https://doi.org/10.1007/978-981-33-6726-5_1
DOI: https://doi.org/10.1007/978-981-33-6726-5_1
Publisher Name: Springer, Singapore
Print ISBN: 978-981-33-6725-8
Online ISBN: 978-981-33-6726-5
eBook Packages: Computer Science (R0)