
IoT Attacks and Malware

Chapter in: Cyber Security Meets Machine Learning

Abstract

The huge number of deployed Internet of Things (IoT) devices, combined with the evolution of multiple technologies such as machine learning, embedded systems, and cloud- and edge-based services, has resulted in complex, dynamic IoT networks. However, IoT networks are increasingly a target for attacks and breaches. Recent progress in artificial intelligence can lead to effective security solutions. In order to design such AI-based solutions, an analysis of the structure and kill chain of IoT attacks is required. However, the IoT network attack surface is complex and heterogeneous because devices differ with respect to functions, protocols, architectures, and manufacturers, and operate with deeply intertwined physical and software components. As a result, the structure of an attack in IoT networks differs from that of attacks in traditional network settings, and therefore conventional kill chains cannot be directly used to classify such attacks. In this chapter, we survey different types of IoT attacks and malware observed in recent times. We then propose a new classification structured specifically for IoT attacks and malware, with respect to which effective AI-based security solutions can be designed.



Corresponding author: Elisa Bertino.

Copyright information

© 2021 The Author(s), under exclusive license to Springer Nature Singapore Pte Ltd.


Cite this chapter

Mudgerikar, A., Bertino, E. (2021). IoT Attacks and Malware. In: Chen, X., Susilo, W., Bertino, E. (eds) Cyber Security Meets Machine Learning. Springer, Singapore. https://doi.org/10.1007/978-981-33-6726-5_1


  • DOI: https://doi.org/10.1007/978-981-33-6726-5_1
  • Publisher Name: Springer, Singapore
  • Print ISBN: 978-981-33-6725-8
  • Online ISBN: 978-981-33-6726-5
  • eBook Packages: Computer Science (R0)
