research-article

Automating Group Management of Large-Scale IoT Botnets for Antitracking

Published: 01 January 2022

Abstract

With the popularity of Internet of Things (IoT) devices, IoT botnets like Mirai have been infecting as many devices as possible, such as IP cameras and home routers. Because of the sheer volume and continual operation of IoT devices and their many vulnerabilities (many users pay little attention to IoT update alerts and leave configurations at their defaults), the population of an IoT botnet grows increasingly large. The growing population, though it makes a botnet powerful, results in an increased risk of exposure. Specifically, once a bot is captured, the command and control (C&C) channel may be cracked and then tracked, potentially leading to more bots being discovered. To solve this problem, this paper proposes an automated approach to group management of large-scale IoT bots. The basic idea of the proposed approach is to establish a reliable and unsuspicious social network-based C&C channel capable of automatically grouping bots, wherein each group of bots has a unique ID that guards against cross-group tracking. The Diffie–Hellman key exchange method is leveraged to generate the unique group ID efficiently, thereby scaling up automatic bot grouping. We refer to the botnet proposed in this paper as a multichannel automatic grouping botnet (MCG botnet) and conduct verification experiments using social networks and more than 2,000 Docker nodes. The experimental results show that the MCG botnet is capable of automatic grouping and antitracking.

Published In

Security and Communication Networks, Volume 2022, Issue 2022
13851 pages
ISSN:1939-0114
EISSN:1939-0122
This is an open access article distributed under the Creative Commons Attribution License, which permits unrestricted use, distribution, and reproduction in any medium, provided the original work is properly cited.

Publisher

John Wiley & Sons, Inc.

United States
