Skip to main content
SpringerLink
Log in

A Secure Contained Testbed for Analyzing IoT Botnets

  • Conference paper
  • First Online:
Testbeds and Research Infrastructures for the Development of Networks and Communities (TridentCom 2018)

Included in the following conference series:

Abstract

Many security issues have come to the fore with the increasingly widespread adoption of Internet-of-Things (IoT) devices. The Mirai attack on Dyn DNS service, in which vulnerable IoT devices such as IP cameras, DVRs and routers were infected and used to propagate large-scale DDoS attacks, is one of the more prominent recent examples. IoT botnets, consisting of hundreds-of-thousands of bots, are currently present “in-the-wild” at least and are only expected to grow in the future, with the potential to cause significant network downtimes and financial losses to network companies. We propose, therefore, to build testbeds for evaluating IoT botnets and design suitable mitigation techniques against them. A DETERlab-based IoT botnet testbed is presented in this work. The testbed is built in a secure contained environment and includes ancillary services such as DHCP, DNS as well as botnet infrastructure including CnC and scanListen/loading servers. Developing an IoT botnet testbed presented us with some unique challenges which are different from those encountered in non-IoT botnet testbeds and we highlight them in this paper. Further, we point out the important features of our testbed and illustrate some of its capabilities through experimental results.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 44.99
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 60.00
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

References

  1. Al-Fuqaha, A., Guizani, M., Mohammadi, M., Aledhari, M., Ayyash, M.: Internet of Things: a survey on enabling technologies, protocols, and applications. IEEE Commun. Surv. Tutor. 17(4), 2347–2376 (2015)

    Article  Google Scholar 

  2. Nordrum, A.: Popular Internet of Things forecast of 50 billion devices by 2020 is outdated. https://spectrum.ieee.org/tech-talk/telecom/internet/popular-internet-of-things-forecast-of-50-billion-devices-by-2020-is-outdated

  3. Yang, Y., Wu, L., Yin, G., Li, L., Zhao, H.: A survey on security and privacy issues in Internet-of-Things. IEEE Internet Things J. 4(5), 1250–1258 (2017)

    Article  Google Scholar 

  4. Lin, J., Yu, W., Zhang, N., Yang, X., Zhang, H., Zhao, W.: A survey on Internet of Things: architecture, enabling technologies, security and privacy, and applications. IEEE Internet Things J. 4(5), 1125–1142 (2017)

    Article  Google Scholar 

  5. Frustaci, M., Pace, P., Aloi, G., Fortino, G.: Evaluating critical security issues of the IoT world: present and future challenges. IEEE Internet Things J. 5(4), 2483–2495 (2018)

    Article  Google Scholar 

  6. Krebs, B.: Hacked cameras, DVRs powered today’s massive internet outage, October 2016. https://krebsonsecurity.com/2016/10/hacked-cameras-dvrs-powered-todays-massive-internet-outage/

  7. Cimpanu, C.: There’s a 120,000-strong IoT DDoS botnet lurking around. http://news.softpedia.com/news/there-s-a-120-000-strong-iot-ddos-botnet-lurking-around-507773.shtml

  8. Constantin, L.: Your Linux-based home router could succumb to a new Telnet worm, Remaiten. https://www.computerworld.com/article/3049982/security/your-linux-based-home-router-could-succumb-to-a-new-telnet-worm-remaiten.html

  9. Grange, W.: Hajime worm battles Mirai for control of the Internet of Things. https://www.symantec.com/connect/blogs/hajime-worm-battles-mirai-control-internet-things

  10. Arghire, I.: IoT botnet used in website hacking attacks. https://www.securityweek.com/iot-botnet-used-website-hacking-attacks

  11. Beek, C.: Mirai botnet creates army of IoT Orcs. https://securingtomorrow.mcafee.com/mcafee-labs/mirai-botnet-creates-army-iot-orcs/

  12. Ilascu, I.: Mirai code still runs on many IoT devices. https://www.bitdefender.com/box/blog/iot-news/mirai-code-still-runs-many-iot-devices/

  13. Calvet, J., et al.: The case for in-the-lab botnet experimentation: creating and taking down a 3000-node botnet. In: Proceedings of the 26th Annual Computer Security Applications Conference, ACSAC 2010, New York, pp. 141–150 (2010)

    Google Scholar 

  14. NCL: National Cybersecurity R&D Lab. https://ncl.sg/

  15. DeterLab: Cyber-defense technology experimental research laboratory. https://www.isi.deterlab.net/index.php3

  16. Barford, P., Blodgett, M.: Toward botnet Mesocosms. In: Proceedings of the First Conference on First Workshop on Hot Topics in Understanding Botnets, HotBots 2007, Berkeley, p. 6. USENIX Association (2007)

    Google Scholar 

  17. Jackson, A.W., Lapsley, D., Jones, C., Zatko, M., Golubitsky, C., Strayer, W.T.: SLINGbot: a system for live investigation of next generation botnets. In: Cybersecurity Applications Technology Conference for Homeland Security, pp. 313–318, March 2009

    Google Scholar 

  18. Vanderveen, K.B., et al.: Large-scale botnet analysis on a budget (2011)

    Google Scholar 

  19. Kreibich, C., Weaver, N., Kanich, C., Cui, W., Paxson, V.: GQ: practical containment for measuring modern malware systems. In: Proceedings of the 2011 ACM SIGCOMM Conference on Internet Measurement Conference, IMC 2011, New York, pp. 397–412. ACM (2011)

    Google Scholar 

  20. ElSheikh, M.H., Gadelrab, M.S., Ghoneim, M.A., Rashwan, M.: Botgen: a new approach for in-lab generation of botnet datasets. In: 9th International Conference on Malicious and Unwanted Software: The Americas (MALWARE), pp. 76–84, October 2014

    Google Scholar 

  21. Alomari, E., Manickam, S., Gupta, B.B., Singh, P., Anbar, M.: Design, deployment and use of HTTP-based botnet (HBB) testbed. In: 16th International Conference on Advanced Communication Technology, pp. 1265–1269, February 2014

    Google Scholar 

  22. Ahmad, M.A., Woodhead, S., Gan, D.: The V-network testbed for malware analysis. In: International Conference on Advanced Communication Control and Computing Technologies (ICACCCT), pp. 629–635, May 2016

    Google Scholar 

  23. Kolias, C., Kambourakis, G., Stavrou, A., Voas, J.: DDoS in the IoT: Mirai and other botnets. Computer 50(7), 80–84 (2017)

    Article  Google Scholar 

  24. MySQL: The world’s most popular open source database. https://www.mysql.com/

  25. Winward, R.: Mirai: inside of an IoT Botnet, February 2017. https://www.nanog.org/sites/default/files/1_Winward_Mirai_The_Rise.pdf

  26. Bellard, F.: QEMU, a fast and portable dynamic translator. In: Proceedings of the Annual Conference on USENIX Annual Technical Conference, ATEC 2005, Berkeley, p. 41. USENIX Association (2005). https://www.qemu.org/

Download references

Acknowledgment

The authors would like to appreciate the National Cybersecurity R&D Lab, Singapore for allowing us to use their testbed to collect important data which has been used in our work. This research is supported by the National Research Foundation, Prime Minister’s Office, Singapore under its Corporate Laboratory@University Scheme, National University of Singapore, and Singapore Telecommunications Ltd.

Author information

Authors and Affiliations

  1. Department of Electrical and Computer Engineering, National University of Singapore, Singapore, 119077, Singapore

    Ayush Kumar & Teng Joon Lim

Authors
  1. Ayush Kumar
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Teng Joon Lim
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Ayush Kumar .

Editor information

Editors and Affiliations

  1. Shanghai University, Shanghai, China

    Honghao Gao

  2. Hangzhou Dianzi University, Hangzhou, Zhejiang, China

    Yuyu Yin

  3. Shanghai Second Polytechnic University, Shanghai, China

    Xiaoxian Yang

  4. Shanghai University, Shanghai, China

    Huaikou Miao

Rights and permissions

Reprints and permissions

Copyright information

© 2019 ICST Institute for Computer Sciences, Social Informatics and Telecommunications Engineering

About this paper

Check for updates. Verify currency and authenticity via CrossMark

Cite this paper

Kumar, A., Lim, T.J. (2019). A Secure Contained Testbed for Analyzing IoT Botnets. In: Gao, H., Yin, Y., Yang, X., Miao, H. (eds) Testbeds and Research Infrastructures for the Development of Networks and Communities. TridentCom 2018. Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering, vol 270. Springer, Cham. https://doi.org/10.1007/978-3-030-12971-2_8

Download citation

  • DOI: https://doi.org/10.1007/978-3-030-12971-2_8

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-12970-5

  • Online ISBN: 978-3-030-12971-2

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation