Macroscopic Analysis of IoT Botnets

Almazarqi, H. A. , Woodyard, M., Mursch, T., Pezaros, D. and Marnerides, A. K. (2022) Macroscopic Analysis of IoT Botnets. In: 2022 IEEE Global Communications Conference (GLOBECOM), Rio de Janeiro, Brazil, 04-08 Dec 2022, pp. 2674-2678. ISBN 9781665435406 (doi: 10.1109/GLOBECOM48099.2022.10001223)

[img] Text
277487.pdf - Accepted Version



The adoption of the IoT by modern sociotechnical systems in synergy with the rapid deployment of insecure IoT devices and services has transformed the cyber-threat landscape. Thus, the vast majority of cyberattacks are underpinned by the orchestration of compromised IoT devices that are globally distributed and controlled through carefully designed IoT botnets. Contrary to conventional belief, cybersecurity vectors instrumented by such botnets are not always uniformly distributed across Internet Autonomous Systems (ASes). By virtue of network structural characteristics imposed by each individual Autonomous System (AS) as well as the diversity in terms of AS-level cybersecurity policies, the spatiotemporal manifestation of IoT botnets differs. In this work, we provide a novel measurement study that empirically quantifies AS tolerance of IoT botnet propagation in the global IPv4 Internet. We assess and correlate measurements gathered by globally distributed honeypots, Internet regional registries and IP blacklists for a 15-month period and observe more than 3.2M malicious events triggered by IoT botnets spanning 9.5K ASes. Our work demonstrates that ASes connected to a low number of providers are prone to embrace a high portion of malicious activities. Hence, we provide evidence on concentrated botnet activities and determine the effectiveness of widely used IP blacklists. In general, this study contributes towards empowering knowledge on large-scale cyber-attacks as being crucial for the composition of next generation data-driven cybersecurity defence applications.

Item Type:Conference Proceedings
Additional Information:This work has been supported in part by the PETRAS National Centre of Excellence for IoT Systems Cybersecurity, which has been funded by the UK EPSRC under grant number EP/S035362/1.
Glasgow Author(s) Enlighten ID:Almazarqi, Hatem Aied S and Marnerides, Dr Angelos and Pezaros, Professor Dimitrios
Authors: Almazarqi, H. A., Woodyard, M., Mursch, T., Pezaros, D., and Marnerides, A. K.
College/School:College of Science and Engineering > School of Computing Science
College of Science and Engineering > School of Engineering
Published Online:11 January 2023
Copyright Holders:Copyright © 2022 IEEE
First Published:First published in 2022 IEEE Global Communications Conference (GLOBECOM): 2674-2678
Publisher Policy:Reproduced in accordance with the publisher copyright policy
Related URLs:

University Staff: Request a correction | Enlighten Editors: Update this record