Collaborative device-level botnet detection for internet of things

Abstract

Cyber attacks on the Internet of Things (IoT) have seen a significant increase in recent years. This is primarily due to the widespread adoption and prevalence of IoT within domestic and critical national infrastructures, as well as inherent security vulnerabilities within IoT endpoints. Therein, botnets have emerged as a major threat to IoT-based infrastructures targeting firmware vulnerabilities such as weak or default passwords to assemble an army of compromised devices which can serve as a lethal cyber-weapon against target systems, networks, and services. In this paper, we present our efforts to mitigate this challenge through the development of an intrusion detection system that resides within an IoT device to provide enhanced visibility thereby achieving security hardening of such devices. The device-level intrusion detection presented here is part of our research framework BTC_SIGBDS (Blockchain-powered, Trustworthy, Collaborative, Signature-based Botnet Detection System). We identify the research challenge through a systematic critical review of existing literature and present detailed design of the device-level component of the BTC_SIGBDS framework. We use a signature-based detection scheme with trusted signature updates to strengthen protection against emerging attacks. We have evaluated the suitability and enhanced the capability through the generation of custom signatures of two of the most famous signature-based IDS with ISOT, IoT23, and BoTIoT datasets to assess the effectiveness with respect to detection of anomalous traffic within a typical resource-constrained IoT network in terms of number of alerts, detection rates, detection time as well as in terms of peak CPU and memory usage.