Profiling IoT-based Botnet Traffic Using DNS

Dwyer, O. P., Marnerides, A. K. , Giotsas, V. and Mursch, T. (2019) Profiling IoT-based Botnet Traffic Using DNS. In: 2019 IEEE Global Communications Conference (GLOBECOM), Waikoloa, HI, USA, 9-13 Dec 2019, ISBN 9781728109626 (doi: 10.1109/GLOBECOM38437.2019.9014300)

Full text not currently available from Enlighten.

Abstract

Internet-wide security and resilience have traditionally been subject to large-scale DDoS attacks initiated by various types of botnets. Since the Mirai outbreak in 2016 myriads of Mirai-alike IoT-based botnets have emerged. Such botnets rely on Mirai's base malware code and they infiltrate vulnerable IoT devices on an Internet-wide scale such as to instrument them to perform large-scale attacks such as DDoS. As recently shown, DDoS attacks triggered by Mirai-alike IoT-based botnets go far beyond traditional pre-2016 DDoS attacks since they have a much higher amplification and their propagation is far more aggressive. Thus, it is of crucial importance to tailor botnet detection schemes accordingly. This work provides a novel DNS-based profiling scheme over real datasets of Mirai-alike botnet activity captured on honeypots that are globally distributed. We firstly discuss features used in profiling botnets in the past and indicate how profiling IoT-based botnets in particular can be improved by leveraging DNS information out of a single DNS record. We further conduct an evaluation of our developed feature set over various Machine Learning (ML) classifiers and demonstrate the applicability of our scheme. Our resulted outputs indicate that the proposed feature set can significantly reduce botnet detection time whilst simultaneously maintaining high levels of accuracy of 99% on average under the random forest formulation.

Item Type:Conference Proceedings
Status:Published
Refereed:Yes
Glasgow Author(s) Enlighten ID:Marnerides, Dr Angelos
Authors: Dwyer, O. P., Marnerides, A. K., Giotsas, V., and Mursch, T.
College/School:College of Science and Engineering > School of Computing Science
ISBN:9781728109626
Published Online:27 February 2020
Related URLs:

University Staff: Request a correction | Enlighten Editors: Update this record