DDoS-Capable IoT Malwares: Comparative Analysis and Mirai Investigation

Donno, Michele De; Dragoni, Nicola; Giaretta, Alberto; Spognardi, Angelo

doi:10.1155/2018/7178164

Cited by 127 publications

(63 citation statements)

References 31 publications

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…it is difficult to understand that the different incoming requests are actually coordinated by the same source) and generate a huge quantity of traffic [153,32] which makes the attack much more disruptive than a simple SDoS [20]. To have an insight of the potential power of such attack, it is sufficient to consider that the recent Mirai malware allowed to generate traffic peaks of more than 620 Gbps [64,33]. Transport and network level protocols can be used to exhaust network resources [153].…”

Section: Availability Issuesmentioning

confidence: 99%

Cyber-Storms Come from Clouds: Security of Cloud Computing in the IoT Era

et al. 2019

Self Cite

View full text Add to dashboard Cite

The Internet of Things (IoT) is rapidly changing our society to a world where every "thing" is connected to the Internet, making computing pervasive like never before. This tsunami of connectivity and data collection relies more and more on the Cloud, where data analytics and intelligence actually reside. Cloud computing has indeed revolutionized the way computational resources and services can be used and accessed, implementing the concept of utility computing whose advantages are undeniable for every business. However, despite the benefits in terms of flexibility, economic savings, and support of new services, its widespread adoption is hindered by the security issues arising with its usage. From a security perspective, the technological revolution introduced by IoT and Cloud computing can represent a disaster, as each object might become inherently remotely hackable and, as a consequence, controllable by malicious actors. While the literature mostly focuses on security of IoT and Cloud computing as separate entities, in this article we provide an up-to-date and well-structured survey of the security issues of Cloud computing in the IoT era. We give a clear picture of where security issues occur and what their potential impact is. As a result, we claim that it is not enough to secure IoT devices, as cyber-storms come from Clouds.

show abstract

Section: Availability Issuesmentioning

confidence: 99%

Cyber-Storms Come from Clouds: Security of Cloud Computing in the IoT Era

et al. 2019

Self Cite

View full text Add to dashboard Cite

show abstract

“…Badacze (De Donno, et al 2018) podkreślają, że bezpieczeństwo Internetu rzeczy zostało źle zaprojektowane. M. Marczyk pisze, że "we współczesnej organizacji jednym z najważniejszych zagrożeń bezpieczeństwa jest możliwość niekontrolowanego dostępu i ujawnienia informacji stanowiącej tajemnicę, najczęściej dotyczy to informacji przetwarzanej w systemach i sieciach teleinformatycznych (sieci komputerowe)" (Marczyk, 2015).…”

Section: Zagrożenia Internetu Rzeczyunclassified

“…Jak skuteczne może być zmasowane niezgodne z przeznaczeniem, funkcjonowanie Internetu rzeczy, zostało opisane w artykule naukowym (De Donno, et al 2018). W październiku 2016 roku botnet Mirai składający się głównie z przejętych kamer CCTV (Waqas, 2016) i głównie w USA sparaliżował fi rmę DNS Dyn, powodując wyłączenie wielu stron postawionych na infrastrukturze na terenie USA.…”

Section: Zagrożenia Internetu Rzeczyunclassified

The impact of the Internet of Things on human security

Słota-Bohosiewicz

2019

JoMS

View full text Add to dashboard Cite

Th e analysis of selected scientifi c articles about the Internet of Th ings leads to the conclusion that the interest of researchers is growing. Th e Internet of Th ings is a complex environment in which technical aspects meet with social and military aspects. Th e Internet of Th ings inherits and multiplies the potential vulnerability of a single device on the Internet. Th e eff ects of the Mirai botnet in the USA, the Denial of service attack on Liberia, are a picture of the possible negative impact of the Internet of Th ings on human security. StreszczenieAnaliza wybranych artykułów naukowych na temat Internetu rzeczy prowadzi do wniosku, że zainteresowanie naukowców rośnie. Internet rzeczy jest złożonym środowiskiem, w którym aspekty techniczne spotykają się z aspektami społecznymi i wojskowymi. Internet przedmiotów dziedziczy i mnoży potencjalną podatność pojedynczego urządzenia w Internecie. Skutki botnetu Mirai w USA i ataku Denial of Service na Liberię obrazują możliwy negatywny wpływ Internetu przedmiotów na bezpieczeństwo ludzi.

show abstract

“…The trick is to introduce into the P2P network many fake identities (the so-called sybils), which are controlled by one single attacker in the physical layer. This allows attackers to monitor the traffic, to partition the network, e.g., through an eclipse attack, or to misuse the DHT in different ways, e.g., performing a Distributed Denial of Service (DDoS) attack [12]. Different types of threats can be generated by the sybils and they can be classified into the following categories: (i) routing table invasions, (ii) storage and retrieval malfunctions, and (iii) miscellaneous attacks [13].…”

Section: Background and Related Workmentioning

confidence: 99%

A Balanced Trust-Based Method to Counter Sybil and Spartacus Attacks in Chord

Pecori

Veltri

2018

Security and Communication Networks

View full text Add to dashboard Cite

A Sybil attack is one of the main challenges to be addressed when securing peer-to-peer networks, especially those based on Distributed Hash Tables (DHTs). Tampering routing tables by means of multiple fake identities can make routing, storing, and retrieving operations significantly more difficult and time-consuming. Countermeasures based on trust and reputation have already proven to be effective in some contexts, but one variant of the Sybil attack, the Spartacus attack, is emerging as a new threat and its effects are even riskier and more difficult to stymie. In this paper, we first improve a well-known and deployed DHT (Chord) through a solution mixing trust with standard operations, for facing a Sybil attack affecting either routing or storage and retrieval operations. This is done by maintaining the least possible overhead for peers. Moreover, we extend the solution we propose in order for it to be resilient also against a Spartacus attack, both for an iterative and for a recursive lookup procedure. Finally, we validate our findings by showing that the proposed techniques outperform other trust-based solutions already known in the literature as well.

show abstract

DDoS-Capable IoT Malwares: Comparative Analysis and Mirai Investigation

Cited by 127 publications

References 31 publications

Cyber-Storms Come from Clouds: Security of Cloud Computing in the IoT Era

Cyber-Storms Come from Clouds: Security of Cloud Computing in the IoT Era

The impact of the Internet of Things on human security

A Balanced Trust-Based Method to Counter Sybil and Spartacus Attacks in Chord

Contact Info

Product

Resources

About