Research Article
A Secure Contained Testbed for Analyzing IoT Botnets
@INPROCEEDINGS{10.1007/978-3-030-12971-2_8, author={Ayush Kumar and Teng Lim}, title={A Secure Contained Testbed for Analyzing IoT Botnets}, proceedings={Testbeds and Research Infrastructures for the Development of Networks and Communications. 13th EAI International Conference, TridentCom 2018, Shanghai, China, December 1-3, 2018, Proceedings}, proceedings_a={TRIDENTCOM}, year={2019}, month={2}, keywords={Internet of Things IoT Malware Mirai Botnet Testbed}, doi={10.1007/978-3-030-12971-2_8} }
- Ayush Kumar
Teng Lim
Year: 2019
A Secure Contained Testbed for Analyzing IoT Botnets
TRIDENTCOM
Springer
DOI: 10.1007/978-3-030-12971-2_8
Abstract
Many security issues have come to the fore with the increasingly widespread adoption of Internet-of-Things (IoT) devices. The Mirai attack on Dyn DNS service, in which vulnerable IoT devices such as IP cameras, DVRs and routers were infected and used to propagate large-scale DDoS attacks, is one of the more prominent recent examples. IoT botnets, consisting of hundreds-of-thousands of bots, are currently present “in-the-wild” at least and are only expected to grow in the future, with the potential to cause significant network downtimes and financial losses to network companies. We propose, therefore, to build testbeds for evaluating IoT botnets and design suitable mitigation techniques against them. A DETERlab-based IoT botnet testbed is presented in this work. The testbed is built in a secure contained environment and includes ancillary services such as DHCP, DNS as well as botnet infrastructure including CnC and scanListen/loading servers. Developing an IoT botnet testbed presented us with some unique challenges which are different from those encountered in non-IoT botnet testbeds and we highlight them in this paper. Further, we point out the important features of our testbed and illustrate some of its capabilities through experimental results.