scholarly journals A Malware Distribution Simulator for the Verification of Network Threat Prevention Tools

Sensors ◽  
2021 ◽  
Vol 21 (21) ◽  
pp. 6983
Author(s):  
Song-Yi Hwang ◽  
Jeong-Nyeo Kim
Keyword(s):  
Denial Of Service ◽  
Malicious Code ◽  
The Internet ◽  
Simulation Tool ◽  
Distributed Denial Of Service ◽  
Network Access ◽  
Ip Address ◽  
Network Equipment ◽  
Low Performance ◽  
Iot Devices

With the expansion of the Internet of Things (IoT), security incidents about exploiting vulnerabilities in IoT devices have become prominent. However, due to the characteristics of IoT devices such as low power and low performance, it is difficult to apply existing security solutions to IoT devices. As a result, IoT devices have easily become targets for cyber attackers, and malware attacks on IoT devices are increasing every year. The most representative is the Mirai malware that caused distributed denial of service (DDoS) attacks by creating a massive IoT botnet. Moreover, Mirai malware has been released on the Internet, resulting in increasing variants and new malicious codes. One of the ways to mitigate distributed denial of service attacks is to render the creation of massive IoT botnets difficult by preventing the spread of malicious code. For IoT infrastructure security, security solutions are being studied to analyze network packets going in and out of IoT infrastructure to detect threats, and to prevent the spread of threats within IoT infrastructure by dynamically controlling network access to maliciously used IoT devices, network equipment, and IoT services. However, there is a great risk to apply unverified security solutions to real-world environments. In this paper, we propose a malware simulation tool that scans vulnerable IoT devices assigned a private IP address, and spreads malicious code within IoT infrastructure by injecting malicious code download command into vulnerable devices. The malware simulation tool proposed in this paper can be used to verify the functionality of network threat detection and prevention solutions.

scholarly journals DoS Attack Prevention Using Rule-Based Sniffing Technique and Firewall in Cloud Computing

2019 ◽  
Vol 125 ◽  
pp. 21004
Author(s):  
Kagiraneza Alexis Fidele ◽  
Agus Hartanto
Keyword(s):  
Denial Of Service ◽  
The Internet ◽  
Data Service ◽  
Distributed Denial Of Service ◽  
Dos Attack ◽  
Ip Address ◽  
Attack Pattern ◽  
Main Target ◽  
Cloud Servers ◽  
Sniffing Technique

Nowadays, we are entering an era where the internet has become a necessary infrastructure and support that can be applied as a means of regular communication and data service. In these services, cloud-based on servers has an essential role as it can serve numerous types of devices that are interconnected with several protocols. Unfortunately, internet cloud servers become the main target of attacks such as Denial of Service (DoS), Distributed Denial of Service (DDoS). These attacks have illegal access that could interfere in service functions. Sniffing techniques are typically practiced by hackers and crackers to tap data that passes through the internet network. In this paper, sniffing technique aims to identify packets that are moving across the network. This technique will distinguish packet on the routers or bridges through a sniffer tool known as snort connected to a database containing the attack pattern. If the sniffing system encounters strange patterns and recognizes them as attacks, it will notify to the firewall to separate the attacker's original Internet Protocol (IP) address. Then, communication from the attacker's host to the target will be discontinued. Consequently, the identified attack activity will stop working, and the service will proceed to run.

Cyber-Physical System and Internet of Things Security

2021 ◽  
pp. 328-357
Author(s):  
Thomas Ulz ◽  
Sarah Haas ◽  
Christian Steger
Keyword(s):  
Internet Of Things ◽  
Public Awareness ◽  
Denial Of Service ◽  
The Internet ◽  
Distributed Denial Of Service ◽  
Ddos Attacks ◽  
Industrial Iot ◽  
Confidential Data ◽  
Iot Devices ◽  
The Internet Of Things

An increase of distributed denial-of-service (DDoS) attacks launched by botnets such as Mirai has raised public awareness regarding potential security weaknesses in the Internet of Things (IoT). Devices are an attractive target for attackers because of their large number and due to most devices being online 24/7. In addition, many traditional security mechanisms are not applicable for resource constraint IoT devices. The importance of security for cyber-physical systems (CPS) is even higher, as most systems process confidential data or control a physical process that could be harmed by attackers. While industrial IoT is a hot topic in research, not much focus is put on ensuring information security. Therefore, this paper intends to give an overview of current research regarding the security of data in industrial CPS. In contrast to other surveys, this work will provide an overview of the big CPS security picture and not focus on special aspects.

Malware Threat in Internet of Things and Its Mitigation Analysis

2021 ◽  
pp. 371-387
Author(s):  
Shingo Yamaguchi ◽  
Brij Gupta
Keyword(s):  
Internet Of Things ◽  
Large Volume ◽  
Denial Of Service ◽  
The Internet ◽  
Distributed Denial Of Service ◽  
Ddos Attack ◽  
New Type ◽  
Iot Devices ◽  
Mitigation Methods ◽  
The Internet Of Things

This chapter introduces malware's threat in the internet of things (IoT) and then analyzes the mitigation methods against the threat. In September 2016, Brian Krebs' web site “Krebs on Security” came under a massive distributed denial of service (DDoS) attack. It reached twice the size of the largest attack in history. This attack was caused by a new type of malware called Mirai. Mirai primarily targets IoT devices such as security cameras and wireless routers. IoT devices have some properties which make them malware attack's targets such as large volume, pervasiveness, and high vulnerability. As a result, a DDoS attack launched by infected IoT devices tends to become massive and disruptive. Thus, the threat of Mirai is an extremely important issue. Mirai has been attracting a great deal of attention since its birth. This resulted in a lot of information related to IoT malware. Most of them came from not academia but industry represented by antivirus software makers. This chapter summarizes such information.

An efficient algorithm to detect DDoS amplification attacks

2020 ◽  
Vol 39 (6) ◽  
pp. 8565-8572
Author(s):  
Md Abdul Quadir ◽  
J. Christy Jackson ◽  
J. Prassanna ◽  
K. Sathyarajasekaran ◽  
K. Kumar ◽  
...  
Keyword(s):  
Intelligent System ◽  
Denial Of Service ◽  
The Internet ◽  
Distributed Denial Of Service ◽  
Domain Name System ◽  
Ip Address ◽  
Critical Part ◽  
Access Control List ◽  
Network Time ◽  
Network Time Protocol

Domain name system (DNS) plays a critical part in the functioning of the Internet. But since DNS queries are sent using UDP, it is vulnerable to Distributed Denial of Service (DDoS) attacks. The attacker can take advantage of this and spoof the source IP address and direct the response towards the victim network. And since the network does not keep track of the number of requests going out and responses coming in, the attacker can flood the network with these unwanted DNS responses. Along with DNS, other protocols are also exploited to perform DDoS. Usage of Network Time Protocol (NTP) is to synchronize clocks on systems. Its monlist command replies with 600 entries of previous traffic records. This response is enormous compared to the request. This functionality is used by the attacker in DDoS. Since these attacks can cause colossal congestion, it is crucial to prevent or mitigate these types of attacks. It is obligatory to discover a way to drop the spoofed packets while entering the network to mitigate this type of attack. Intelligent cybersecurity systems are designed for the detection of these attacks. An Intelligent system has AI and ML algorithms to achieve its function. This paper discusses such intelligent method to detect the attack server from legitimate traffic. This method uses an algorithm that gets activated by excess traffic in the network. The excess traffic is determined by the speed or rate of the requests and responses and their ratio. The algorithm extracts the IP addresses of servers and detects which server is sending more packets than requested or which are not requested. This server can be later blocked using a firewall or Access Control List (ACL).

Cyber-Physical System and Internet of Things Security

2018 ◽  
pp. 248-277
Author(s):  
Thomas Ulz ◽  
Sarah Haas ◽  
Christian Steger
Keyword(s):  
Internet Of Things ◽  
Public Awareness ◽  
Denial Of Service ◽  
The Internet ◽  
Distributed Denial Of Service ◽  
Ddos Attacks ◽  
Industrial Iot ◽  
Confidential Data ◽  
Iot Devices ◽  
The Internet Of Things

An increase of distributed denial-of-service (DDoS) attacks launched by botnets such as Mirai has raised public awareness regarding potential security weaknesses in the Internet of Things (IoT). Devices are an attractive target for attackers because of their large number and due to most devices being online 24/7. In addition, many traditional security mechanisms are not applicable for resource constraint IoT devices. The importance of security for cyber-physical systems (CPS) is even higher, as most systems process confidential data or control a physical process that could be harmed by attackers. While industrial IoT is a hot topic in research, not much focus is put on ensuring information security. Therefore, this paper intends to give an overview of current research regarding the security of data in industrial CPS. In contrast to other surveys, this work will provide an overview of the big CPS security picture and not focus on special aspects.

Malware Threat in Internet of Things and Its Mitigation Analysis

2020 ◽  
pp. 363-379
Author(s):  
Shingo Yamaguchi ◽  
Brij Gupta
Keyword(s):  
Internet Of Things ◽  
Large Volume ◽  
Denial Of Service ◽  
The Internet ◽  
Distributed Denial Of Service ◽  
Ddos Attack ◽  
New Type ◽  
Iot Devices ◽  
Mitigation Methods ◽  
The Internet Of Things

This chapter introduces malware's threat in the internet of things (IoT) and then analyzes the mitigation methods against the threat. In September 2016, Brian Krebs' web site “Krebs on Security” came under a massive distributed denial of service (DDoS) attack. It reached twice the size of the largest attack in history. This attack was caused by a new type of malware called Mirai. Mirai primarily targets IoT devices such as security cameras and wireless routers. IoT devices have some properties which make them malware attack's targets such as large volume, pervasiveness, and high vulnerability. As a result, a DDoS attack launched by infected IoT devices tends to become massive and disruptive. Thus, the threat of Mirai is an extremely important issue. Mirai has been attracting a great deal of attention since its birth. This resulted in a lot of information related to IoT malware. Most of them came from not academia but industry represented by antivirus software makers. This chapter summarizes such information.

scholarly journals Improving IoT Botnet Investigation Using an Adaptive Network Layer

Sensors ◽  
2019 ◽  
Vol 19 (3) ◽  
pp. 727 ◽  
Author(s):  
João Ceron ◽  
Klaus Steding-Jessen ◽  
Cristine Hoepers ◽  
Lisandro Granville ◽  
Cíntia Margi
Keyword(s):  
Network Traffic ◽  
Denial Of Service ◽  
The Internet ◽  
Malware Analysis ◽  
Distributed Denial Of Service ◽  
Network Access ◽  
Network Layer ◽  
Internet Infrastructure ◽  
Study Case ◽  
Analysis Environment

IoT botnets have been used to launch Distributed Denial-of-Service (DDoS) attacks affecting the Internet infrastructure. To protect the Internet from such threats and improve security mechanisms, it is critical to understand the botnets’ intents and characterize their behavior. Current malware analysis solutions, when faced with IoT, present limitations in regard to the network access containment and network traffic manipulation. In this paper, we present an approach for handling the network traffic generated by the IoT malware in an analysis environment. The proposed solution can modify the traffic at the network layer based on the actions performed by the malware. In our study case, we investigated the Mirai and Bashlite botnet families, where it was possible to block attacks to other systems, identify attacks targets, and rewrite botnets commands sent by the botnet controller to the infected devices.

HomeTec Software for Security Aspects of Smart Home Devices Based on IoT

2021 ◽  
pp. 5-16
Author(s):  
Parth Rustagi ◽  
◽  
◽  
◽  
◽  
...  
Keyword(s):  
Smart Home ◽  
Denial Of Service ◽  
Security Protocols ◽  
The Internet ◽  
Security Threats ◽  
Deep Dive ◽  
Cost Cutting ◽  
Full Control ◽  
Iot Devices ◽  
Service Data

As useful as it gets to connect devices to the internet to make life easier and more comfortable, it also opens the gates to various cyber threats. The connection of Smart Home devices to the internet makes them vulnerable to malicious hackers that infiltrate the system. Hackers can penetrate these systems and have full control over devices. This can lead to denial of service, data leakage, invasion of privacy, etc. Thus security is a major aspect of Smart home devices. However, many companies manufacturing these Smart Home devices have little to no security protocols in their devices. In the process of making the IoT devices cheaper, various cost-cutting is done on the security protocols in IoT devices. In some way, many manufactures of the devices don’t even consider this as a factor to build upon. This leaves the devices vulnerable to attacks. Various authorities have worked upon to standardize the security aspects for the IoT and listed out guidelines for manufactures to follow, but many fail to abide by them. This paper introduces and talks about the various threats, various Security threats to Smart Home devices. It takes a deep dive into the solutions for the discussed threats. It also discusses their prevention. Lastly, it discusses various preventive measures and good practices to be incorporated to protect devices from any future attacks.

scholarly journals Mathematical model on distributed denial of service attack through Internet of things in a network

2019 ◽  
Vol 8 (1) ◽  
pp. 486-495 ◽  
Author(s):  
Bimal Kumar Mishra ◽  
Ajit Kumar Keshri ◽  
Dheeresh Kumar Mallick ◽  
Binay Kumar Mishra
Keyword(s):  
Mathematical Model ◽  
Internet Of Things ◽  
Equilibrium Points ◽  
Denial Of Service ◽  
Distributed Denial Of Service ◽  
Ddos Attacks ◽  
Denial Of Service Attack ◽  
Different Types ◽  
Service Attack ◽  
Iot Devices

Abstract Internet of Things (IoT) opens up the possibility of agglomerations of different types of devices, Internet and human elements to provide extreme interconnectivity among them towards achieving a completely connected world of things. The mainstream adaptation of IoT technology and its widespread use has also opened up a whole new platform for cyber perpetrators mostly used for distributed denial of service (DDoS) attacks. In this paper, under the influence of internal and external nodes, a two - fold epidemic model is developed where attack on IoT devices is first achieved and then IoT based distributed attack of malicious objects on targeted resources in a network has been established. This model is mainly based on Mirai botnet made of IoT devices which came into the limelight with three major DDoS attacks in 2016. The model is analyzed at equilibrium points to find the conditions for their local and global stability. Impact of external nodes on the over-all model is critically analyzed. Numerical simulations are performed to validate the vitality of the model developed.

scholarly journals Analisa Real-Time Data log honeypot menggunakan Algoritma K-Means pada serangan Distributed Denial of Service

Repositor ◽  
2020 ◽  
Vol 2 (5) ◽  
pp. 541
Author(s):  
Denni Septian Hermawan ◽  
Syaifuddin Syaifuddin ◽  
Diah Risqiwati
Keyword(s):  
Real Time ◽  
Data Storage ◽  
Denial Of Service ◽  
The Internet ◽  
Distributed Denial Of Service ◽  
Time Data ◽  
Local Networks ◽  
Real Time Data ◽  
Internet Networks ◽  
Data Log

AbstrakJaringan internet yang saat ini di gunakan untuk penyimpanan data atau halaman informasi pada website menjadi rentan terhadap serangan, untuk meninkatkan keamanan website dan jaringannya, di butuhkan honeypot yang mampu menangkap serangan yang di lakukan pada jaringan lokal dan internet. Untuk memudahkan administrator mengatasi serangan digunakanlah pengelompokan serangan dengan metode K-Means untuk mengambil ip penyerang. Pembagian kelompok pada titik cluster akan menghasilkan output ip penyerang.serangan di ambil sercara realtime dari log yang di miliki honeypot dengan memanfaatkan MHN.Abstract The number of internet networks used for data storage or information pages on the website is vulnerable to attacks, to secure the security of their websites and networks, requiring honeypots that are capable of capturing attacks on local networks and the internet. To make it easier for administrators to tackle attacks in the use of attacking groupings with the K-Means method to retrieve the attacker ip. Group divisions at the cluster point will generate the ip output of the attacker. The strike is taken as realtime from the logs that have honeypot by utilizing the MHN.

Sign in / Sign up

Export Citation Format

Share Document