Abstract

The Internet of Things (IoT) has evolved from simple machines that display temperature all the way to powerful and sophisticated machines that can take care of individual buildings. This has made IoT devices one of the most desirable targets for botnets. Infecting IoT devices and controlling them as botnets happens quite often, mostly due to the lack of proper security standards and defense mechanisms in IoT devices. Attackers commonly convert IoT devices into botnets by exploiting default or absent login passwords, old firmware with no updates or security patches, and the same vulnerable software shipped by multiple manufacturers. IoT botnets are therefore being used for Distributed Denial of Service (DDoS) attacks on a massive scale, reaching up to terabytes of data per second. The rise of IoT and IoT-based botnets has led to new security and management issues. To address these issues, this chapter proposes a microservice architecture-based solution to the problem of heterogeneous IoT platforms and the lack of IoT device monitoring for security and fault tolerance. The chapter first describes the different types of IoT systems and explains the main reasons behind the progress of IoT botnets. It then describes potential IoT botnet architectures and how botnets may be detected. It illustrates a data pipeline in which IoT devices send data through the messaging platform Kafka, and the devices are monitored using the collected data by means of real-time dashboards. As a proof of concept, the proposed solution is tested on a heterogeneous IoT cluster, including Raspberry Pis and IoT devices from different vendors. The heterogeneous IoT system is turned into a botnet by a controlled variation of the Mirai botnet malware and by a conventional Metasploit hack on the Raspberry Pi device. A simple machine learning method is then deployed for data analysis to detect whether an IoT device has been infected and turned into part of a botnet. Simple experimental results validate the design. The chapter ends with a conclusion that includes suggestions for future directions on detecting and preventing new IoT-based botnets.
