Abstract: Botnets are widespread nowadays with the expansion of the Internet and commonly occur in many cyber-attacks, resulting in serious threats to network services and users' property. With the rapid development of Internet of Things (IoT) applications, botnets can easily make use of IoT devices for larger-scale attacks. The domain name system (DNS) is widely used by botnets to establish the connection between bots and their corresponding command-and-control (C&C) servers. In order to avoid the tracking of the C&C thro…
“…( [71]) • Whether developing revamped software architectures such as the pluggable and dynamic model presented by Maroof et al. [58] should be prioritised for the next generation of IoT devices? • Whether traditional domain-based detection and filtering of bots can be effectively imported for IoT bot detection and mitigation (e.g., [72], [73])? • How technological advancements through Fog and Edge computing can be used to develop more efficient IoT botnet detection and mitigation solutions?…”
Since the Mirai botnet attacks in 2016, research into Internet of Things (IoT) botnet malware has increased substantially. IoT botnet-related threats continue to rise, impacting businesses and users. This paper aims to contribute to the problem space by compiling and synthesizing the relevant literature of the last five years to provide an overview of the most recent advances in IoT botnets and their detection and prevention, and by laying down the future research directions required to better address this ever-growing threat.
“…The authors further discussed database servers, command and control servers, forensic artefacts on the attacker's terminal and the network packets for the attacks [39]. The authors outlined how a forensic expert can remotely obtain some of these artefacts without physical access to botnet servers. An analysis of Rustock botnet domain names was conducted on multiple aspects by Li et al. [41]. The authors attempted to understand botnet detection in these domain names. The results of an experiment guide future botnet detection.…”
Section: A. RQ1: What are the contributions of the primary studies?
The adoption of Internet of Things (IoT) technology is expanding exponentially because of its capability to provide better services. This technology has been successfully implemented on various devices, and the number of IoT devices is massive at present. However, security is becoming a major challenge with this growth. Attacks such as IoT-based botnet attacks are becoming frequent and have become popular amongst attackers. IoT has resource constraints and heterogeneous environments, such as low computational power and memory. These constraints create problems in implementing security solutions on IoT devices. Therefore, various kinds of attacks are possible due to this weakness, with the IoT-based botnet attack being one of the most popular. In this study, we conducted a comprehensive systematic literature review on IoT-based botnet attacks. The existing state of the art in the area of study was presented and discussed in detail. A systematic methodology was adopted to ensure the coverage of all important studies; this methodology was detailed and repeatable. The review outlined the proposed contributions, datasets utilised, network forensic methods utilised and research focus of the primary selected studies. The demographic characteristics of the primary studies were also outlined. The result of this review revealed that research in this domain is gaining momentum, particularly in the last 3 years (2018-2020). Nine key contributions were also identified, with Evaluation, System, and Model being the most common.
“…In 2019, the FBI's Internet Crime Complaint Center (IC3) recorded more than $3.5 B in individual and company losses related to cybercrime [4]. Moreover, the 2020 report on botnets from the European Union Agency for Cybersecurity (ENISA) [5] counted that 7.7 million IoT devices are connected every day to the Internet, increasing the attack surface for malware infections [6], [7]. Besides, it reported an increase in botnet-controlling servers of 71.5% over the previous year, which raises the need to develop specific countermeasures against botnets.…”
Botnets are one of the online threats with the most significant presence, causing billions in losses to global economies. Nowadays, the increasing number of devices connected to the Internet makes it necessary to analyze extensive network traffic data. In this work, we focus on increasing the performance of botnet traffic classification by selecting those features that most increase the detection rate. For this purpose, we use two feature selection techniques, i.e., Information Gain and Gini Importance, which led to three pre-selected subsets of five, six and seven features. Then, we evaluate the three feature subsets and three models, i.e., Decision Tree, Random Forest and k-Nearest Neighbors. To test the performance of the three feature vectors and the three models, we generate two datasets based on the CTU-13 dataset, namely QB-CTU13 and EQB-CTU13. Finally, we measure the performance as the macro-averaged F1 score over the computational time required to classify a sample. The results show that the highest performance is achieved by Decision Trees using a five-feature set, which obtained a mean F1 score of 85%, classifying each sample in an average time of 0.78 microseconds.