No full-text available
To read the full-text of this research,
you can request a copy directly from the author.
Turning Internet of Things(IoT) into Internet of Vulnerabilities (IoV) : IoT Botnets
Abstract
Internet of Things (IoT) is the next big evolutionary step in the world of internet. The main intention behind the IoT is to enable safer living and risk mitigation on different levels of life. With the advent of IoT botnets, the view towards IoT devices has changed from enabler of enhanced living into Internet of vulnerabilities for cyber criminals. IoT botnets has exposed two different glaring issues, 1) A large number of IoT devices are accessible over public Internet. 2) Security (if considered at all) is often an afterthought in the architecture of many wide spread IoT devices. In this article, we briefly outline the anatomy of the IoT botnets and their basic mode of operations. Some of the major DDoS incidents using IoT botnets in recent times along with the corresponding exploited vulnerabilities will be discussed. We also provide remedies and recommendations to mitigate IoT related cyber risks and briefly illustrate the importance of cyber insurance in the modern connected world.
... Some previous researches contain the evolution of IoT malware [9], [125]- [128]. Angrishi presents 14 malware families from Hydra to IRCTelnet on a timeline [125]. ...
... Some previous researches contain the evolution of IoT malware [9], [125]- [128]. Angrishi presents 14 malware families from Hydra to IRCTelnet on a timeline [125]. On [9]. ...
... One of the latest research in this field performed by Ngo et al., the relationship between 12 malware families from Hydra to VPNFilter is presented on their research [127]. Researches [125] and [126] analyzed 13 and 12 malware families from 2008 to 2016 timeframe; in our research, we located 24 malware families for the same timeframe. We believe that the lack of resources causes this difference in the malware family numbers for the newly emerging malware families. ...
Developing a secured information processing environment highly depends on securing all of the layers and devices in the environment. Edge/Fog computing environments are not an exception in this case, and the security of those environments highly depends on securing the Internet of Things (IoT) devices which are the most vulnerable devices through the environment. The adoption of Edge/Fog computing paradigms by new emerging technologies stimulated malware development for IoT platforms. Recent attacks initiated by IoT malware show that these attacks make a tremendous impact on compromised systems in terms of Quality of Service because of the number of infected IoT devices. In the light of these developments, there is an enormous need for efficient solutions. However, defense capability against these new malware types is highly constrained by the limited understanding of these new emerging paradigms and the lack of access to malware samples. This paper mainly focuses on IoT malware to understand the behaviors of malware on the most vulnerable layer of the Edge/Fog computing environments. Mainly, 64 IoT malware families are located from 2008 when the first known IoT malware emerged to October 2022. These malware families are systematically characterized from various aspects, including target architecture, target device, delivery methods, attack vectors, persistence techniques, and their evolution from existing malware. During this characterization process, two different investigation frameworks, "Cyber Kill Chain" and "Mitre ATT&CK for ICS," have been adopted in different investigation layers. This paper aims to bring light to future researches with presented features of the IoT malware.
... IoT is an evolutionary technology that recently emerged, and soon it will become the key to smart-life. In 2016, 9 billion IoT devices used and the number still growing [7]. The good thing about IoT that it makes life easier, safer and more fun. ...
... Many researchers start to name IoT as the Internet of Vulnerabilities (IoV) or Internet of troubles, due to functionality mutation by cyber attackers. These vulnerabilities attracted attackers who start using the popular unsecured devices exposed to the internet to host their attacks [7], [9]. ...
... IoT security standards introduced by different standard organizations [22]. However, the most well-known IoT vulnerabilities exposed to hackers [7], [23] are: ...
Attackers take advantage of every second that the anti- vendor delays identifying the attacking malware signature and to provide notifications. In addition, the longer the detection period delayed, the greater the damage to the host device. To put it another way, the lack of ability to detect attacks early complicates the problem and rises serious harm. Consequently, this research intends to develop a knowledgeable anti-malware system capable of immediately detecting and terminating malware actions, rather than waiting for anti-malware updates. The research concentrates in its scope on the detection of malware on the Internet of Things (IoT), based on Machine Learning (ML) techniques. A latest open source ML algorithm called the Light Gradient Boosting Algorithm (LightGBM) has been used to develop our instant host and network layer anti-malware approach without any human intervention. For examination reasons, the suggested approach serves the LightGBM machine learning algorithm to adopt datasets obtained from real IoT devices using the LightGBM machine learning algorithm. The results indicate a successful method to detecting and classifying high accuracy malware at both network and host levels based on the Holdout method of cross-validation. Additionally, this result is better than many prior related studies which used different algorithms of Machine Learning and Deep Learning. Though, an old study which used the same dataset was the best among the literature. However, it still slightly less than what this study achieved, besides the complexity which deep learning adds. Lastly, the results show the ability of the proposed approach to detect IoT botnet attacks fast, which is a vital feature to end botnet activity before spreading to any new network device.
... On the other hand, IoT devices have become synonymous with poor security. This is because IoT devices are often designed with "poor security, or even none at all" [2]. Consequently, IoT has been dubbed the Insecurity of Things [3] and the Internet of Vulnerabilities [2]. ...
... This is because IoT devices are often designed with "poor security, or even none at all" [2]. Consequently, IoT has been dubbed the Insecurity of Things [3] and the Internet of Vulnerabilities [2]. Due to the ubiquitous presence of vulnerable IoT devices, IoT botnets have emerged as a significant threat to private individuals and enterprises by employing effective evasion mechanisms and targeting a wide range of systems and networks. ...
... This malware allows an attacker to control the devices to carry out tasks similar to a traditional botnet. The two core components of an IoT botnet are as follows [2]. ...
In recent years, the world has witnessed a significant increase in the number of IoT devices, with a global and continuous rise in the demand for their multipurpose applications. However, malicious use of IoT devices began to emerge among cyber-criminals. IoT-enabled cyberattacks and botnets, such as the Mirai botnet and its variants and imitators, demonstrate that the industry needs to better secure IoT devices and networks; otherwise, there will be higher risks of exposing the Internet's infrastructure and services to increasingly disruptive DDoS attacks. This paper presents the results of a study of IoT botnets. We focus on their distinctive characteristics, exploits used, and cyberattack capabilities. In total, we have reviewed and compared 46 recent IoT botnets. We also present details of the main CPU architectures targeted by these IoT botnets. We illustrate that IoT botnets pose a significant threat to private individuals and enterprises by employing effective evasion mechanisms, encrypted communication, and targeting a wide range of systems and networks.
... The IoT botnet consists of two primary components and an additional (optional) component. The first primary component is the Bot itself which can be an agent or an end zombie IoT device that performs the DDoS attacks on a command [67]. The second primary component is the command-and-control servers (C2Cs) that are used to control the bots. ...
... The loaders first log on to the vulnerable IoT device and then start to instruct the vulnerable IoT device to download malware. The malware distribution server is the location where the malware code is stored so that the loader navigates the infected IoT device to download it [67]. Figure 2 shows a diagram of how the IoT botnet attack is performed [68], [69]. ...
... 2) The ResNet50 [32] network for MIRAI [33] malware detection. We have used the following three hardware configurations to highlight the importance of our proposed hardware acceleration approach. ...
... Outcome Interpretation using Model Distillation To understand how model distillation gathers insights, let us consider an example on malware detection from ResNet50. The ML-based detector receives running data of MIRAI malware [33] as input in the format of a trace table, where each row represents the hex values in a register in specific clock cycles (each column represents a specific clock cycle). Figure 12 shows a snapshot of the trace table. ...
Machine learning (ML) is successful in achieving human-level artificial intelligence in various fields. However, it lacks the ability to explain an outcome due to its black-box nature. While recent efforts on explainable AI (XAI) has received significant attention, most of the existing solutions are not applicable in real-time systems since they map interpretability as an optimization problem, which leads to numerous iterations of time-consuming complex computations. Although there are existing hardware-based acceleration framework for XAI, they are implemented through FPGA and designed for specific tasks, leading to expensive cost and lack of flexibility. In this paper, we propose a simple yet efficient framework to accelerate various XAI algorithms with existing hardware accelerators. Specifically, this paper makes three important contributions. (1) The proposed method is the first attempt in exploring the effectiveness of Tensor Processing Unit (TPU) to accelerate XAI. (2) Our proposed solution explores the close relationship between several existing XAI algorithms with matrix computations, and exploits the synergy between convolution and Fourier transform, which takes full advantage of TPU's inherent ability in accelerating matrix computations. (3) Our proposed approach can lead to real-time outcome interpretation. Extensive experimental evaluation demonstrates that proposed approach deployed on TPU can provide drastic improvement in interpretation time (39x on average) as well as energy efficiency (69x on average) compared to existing acceleration techniques.
... With respect to the health sector, the AR application proposed in this study emulates the beating heart of the patient, in order to improve the patient-doctor interaction [19]. Another study combined the aspects of IOT and augmented reality to help caregivers get notified about the status of the patient and to help the patient using smart glass and receive information in the form of audio or text signal [20]. Another application of AR is reported for patients going through rehabilitation. ...
s: Augmented Reality (AR) and the Internet of Things (IOT) are trending technologies that have gained popularity in smart cities. In this paper, we propose a non-expansive and uncomplicated prototype that combines the two technologies, namely, the Internet of Things and Augmented Reality, to build an air quality monitoring system for a smart environment. The webAR application developed can be used on any device, and it control measurements of temperature, humidity, and air quality data collected from multiple IOT devices. In addition to the ease of use and speed of loading compared to other applications, our prototype offers an application that does not require installation, a major factor that limits user use. Finally, the paper indicates the prospects of these technologies and the challenges their development is facing.
... Current IoT devices are susceptible to network attacks such as denial of service [1], botnets [2], and penetration attacks [3]. The Mirai botnet attack is a distributed denial-of-service (DDoS) attack on IoT devices [4]. Mirai can incorporate connected devices extracted from smart homes into a "botnet" [2], leading to the shutdown of Dyn's infrastructure, a prominent US domain name service provider, affecting websites such as Twitter, PayPal, and GitHub. ...
With the rapid development of IoT technology, security concerns surrounding IoT devices have gained attention. An intrusion detection system for IoT can quickly and accurately identify highly redundant data features in IoT traffic categories. To reduce data, feature redundancy during the identification process, this study proposes the use of Extreme Gradient Boosting (XGBoost) for feature selection to obtain an optimal feature subset. Additionally, to improve the accuracy of identifying malicious traffic in IoT devices, a fusion model combining Convolutional Neural Networks (CNN) and Gated Recurrent Units (GRU) for IoT intrusion detection is proposed. Finally, a comparative analysis experiment is conducted between CNN-GRU and CNN-LSTM, demonstrating that the proposed model achieves lower processing time while ensuring accuracy. Furthermore, the proposed method outperforms classical IoT intrusion detection algorithms in terms of precision and recall.
... After several years, the focus of Botnet detection is to find the solution for encrypted and covert Botnet (Bortolameotti, 2014;Buriya et al., 2015;Burghouwt, 2015;Sanatinia & Noubir, 2015;Sherry et al., 2015;Tyagy et al., 2016;Jianguo et al., 2016;Cha & Kim, 2017;Zhang, 2017). 2015 onward, IoT bot becomes a hit especially after the Mirai attack (Moon et al., 2015;Angrishi, 2017;Kolias et al., 2017). ...
Services and applications online involve information transmitted across the network, and therefore, the issue of security during data transmission has become crucial. Botnet is one of the prominent methods used by cybercriminals to retrieve information from internet users because of the massive impact caused by the bot armies. Thus, this chapter provides a study of Botnet and the impact of Botnet attacks especially on the security of information. In order to survive, Botnet implemented various evasion techniques, and one of the notorious ones is by manipulating an encrypted channel to perform their C&C communication. Therefore, the authors also review the state of the art for Botnet detection and focus on machine learning-based Botnet detection systems and look into the capabilities of machine learning approaches to detect this particular Botnet. Eventually, they also outline the limitations of the existing Botnet detection approach and propose an autonomous Botnet detection system.
... The N-BaIoT dataset contains approximately seven million examples with 115 properties. As a result of the evolution of IoT cyber-attacks, the adversary relies on botnets to exploit such vulnerabilities, transforming the IoT into a vulnerable Internet [29]. ...
In the past few years, Convolutional Neural Networks (CNN) have demonstrated promising performance in various real-world cybersecurity applications, such as network and multimedia security. However, the underlying fragility of CNN structures poses major security problems, making them inappropriate for use in security-oriented applications, including computer networks. Protecting these architectures from adversarial attacks necessitates using security-wise architectures that are challenging to attack. In this study, we present a novel architecture based on an ensemble classifier that combines the enhanced security of 1-Class classification (known as 1C) with the high performance of conventional 2-Class classification (known as 2C) in the absence of attacks. Our architecture is referred to as the 1.5-Class (cmb-classifier) classifier and is constructed using a final dense classifier, one 2C classifier (i.e., CNNs), and two parallel 1C classifiers (i.e., auto-encoders). In our experiments, we evaluated the robustness of our proposed architecture by considering eight possible adversarial attacks in various scenarios. We performed these attacks on the 2C and cmb-classifier architectures separately. The experimental results of our study showed that the Attack Success Rate (ASR) of the I-FGSM attack against a 2C classifier trained with the N-BaIoT dataset is 0.9900. In contrast, the ASR is 0.0000 for the cmb-classifier.
... As a result, malware detection systems that can handle severe attacks must be patched and developed. The defense system has been created since the beginning of malware attacks on computer systems [7]. As we all know, malware development moves at a breakneck speed, and the sophistication of malware authoring grows by the day. ...
Malware detection is a critical component of computer system security. Additionally Signature-based approaches are futile in detection of zero-day attacks and polymorphic infections. As a result, machine learning-based detection becomes necessary. The goal of this study was to find the optimum feature extraction, feature representation, and classification algorithms for using on top of LGBM (Light GBM) and XGB (Extreme Gradient Boosting) classifiers to get the best accuracy. The dataset for this investigation included 1156 malware files from nine different families, as well as 984 benign files in various formats. This paper outlines recommended approaches for malware categorization and detection using machine learning, as well as implementation guidance. Furthermore, the research conducted can serve as a future effort in the meadow of malware analysis using machine learning methodologies will be built on this basis. To increase the feature set and lower the detection false positive rate, this research employs the LGBM (Light GBM) and XGB (Extreme Gradient Boosting) classifiers. On a benchmark classification, we used a range of machine learning methods in our tests. Proposed system has a malware detection rate comparable to the state of the art and shows promise in categorization forecasts, allowing it to deal with obfuscation and the growing volume of malware.
... Simply put, IoT connects physical devices such as CCTV, lights, televisions, refrigerators, and even house doors to the Internet continuously and can be controlled remotely via a smartphone [1], monitor it [2], [3], or issue information to other devices [4], [5]. Recently, many reports of attacks on IoT device vulnerabilities have been reported [6]- [8]. However, due to its rapid development, a problem emerged that harmed IoT devices, one of which was a DDOS attack of the Mirai malware [9]- [11]. ...
The development of computing technology in increasing the accessibility and agility of daily activities currently uses the Internet of Things (IoT). Over time, the increasing number of IoT device users impacts access and delivery of valuable data. This is the primary goal of cybercriminals to operate malicious software. In addition to the positive impact of using technology, it is also a negative impact that creates new problems in security attacks and cybercrimes. One of the most dangerous cyberattacks in the IoT environment is the Mirai botnet malware. The malware turns the user's device into a botnet to carry out Distributed Denial of Service (DDoS) attacks on other devices, which is undoubtedly very dangerous. Therefore, this study proposes a k-nearest neighbor algorithm to classify Mirai malware-type DDOS attacks on IoT device environments. The malware classification process was carried out using rapid miner machine learning by conducting four experiments using SYN, ACK, UDP, and UDPlain attack types. The classification results from selecting five parameters with the highest activity when the device is attacked. In order for these five parameters to be a reference in the event of a malware attack starting in the IoT environment, the results of the classification have implications for further research. In the future, it can be used as a reference in making an early warning innovative system as an early warning in the event of a Mirai botnet attack.
... The N-BaIoT dataset contains approximately seven million examples with 115 properties. As a result of the development of IoT cyber-attacks, the adversary relies on botnets to leverage such vulnerability, turning the IoT into an internet so vulnerable [17], [18]. The N-BaIoT dataset rely on BASHLITE and Mirai botnets, which are two widely-known IoT-based botnets. ...
In the past few years, Convolutional Neural Networks (CNN) have demonstrated promising performance in various real-world cybersecurity applications, such as network and multimedia security. However, the underlying fragility of CNN structures poses major security problems, making them inappropriate for use in security-oriented applications including such computer networks. Protecting these architectures from adversarial attacks necessitates using security-wise architectures that are challenging to attack. In this study, we present a novel architecture based on an ensemble classifier that combines the enhanced security of 1-Class classification (known as 1C) with the high performance of conventional 2-Class classification (known as 2C) in the absence of attacks.Our architecture is referred to as the 1.5-Class (SPRITZ-1.5C) classifier and constructed using a final dense classifier, one 2C classifier (i.e., CNNs), and two parallel 1C classifiers (i.e., auto-encoders). In our experiments, we evaluated the robustness of our proposed architecture by considering eight possible adversarial attacks in various scenarios. We performed these attacks on the 2C and SPRITZ-1.5C architectures separately. The experimental results of our study showed that the Attack Success Rate (ASR) of the I-FGSM attack against a 2C classifier trained with the N-BaIoT dataset is 0.9900. In contrast, the ASR is 0.0000 for the SPRITZ-1.5C classifier.
... Human interaction is not required for communication between devices [23]. The Worldwide Interoperability for Microwave Access (WiMAX) allows the high-speed data transfer (30)(31)(32)(33)(34)(35)(36)(37)(38)(39)(40) and belongs to IEEE 802.16 wireless family. ...
IoT is the networking of daily use objects. Internet of Things amalgamates various kinds of physical object to communicate with each other directly. These objects are commonly known as constrained devices. Constrained devices work with low memory, low storage, and low computation power. Implementing security algorithms in these devices is challenging. The researchers take these challenges as opportunity. The diverse and heterogeneous structure of the IoT phenomenon introduces a variety of new security risks and challenges. Many threats, like botnets, home intrusion, remote control of the IoT devices, and man in the middle attacks, are emerging and need a stronger security implementation to protect IoT devices from being compromised. The authors surveys different kinds of IoT networking technologies, security challenges and solutions of these challenges to form more secure IoT environment for trustful adoption of services through industrial or personal use. In this paper, the authors presented a study of numerous networking technologies along with possible threats and their countermeasures.
... It turns networked devices (noticeably IoT devices) into remotely controlled "bots" that can be used as part of a botnet in Distributed Denial-of-Service attacks (DDoS). The Mirai botnet was first found in August 2016 and it has been used in some of the largest and most disruptive DDoS attacks, including an attack in September 2016 on the French web host OVH and on security blogger Brian Krebs [12], [13]. If Mirai has infected a system, it tries to spread to other systems. ...
... In some cases, an attacker could take control of the device itself to deploy on top of it a botnet [3]. This idea is presented as the Internet of Vulnerabilities (IoV) in [4]. ...
... The bots attack a machine in response to the commands from the bot-master [48]. IoT is the favorite place of botnets because due to the lack of good security features the devices allow malware transmission [49]. Mirai botnet is the most notorious denialof-service attack that was held in 2016. ...
ABSTARCT Internet of Things (IoT) has emerged as a very significant research area. In IoT, billions of 'things' are connected which communicate with one another over a network. While communicating among 'things', their users face several types of application and technical challenges. IoT system infrastructure comprises several layers. Different researches have been conducted so far to detect vulnerabilities, threats, and attacks arising in the IoT environment. Modern IoT architectures consist of physical and network components apart from different kinds of services and solutions. IoT systems face several services and security challenges. Privacy and security problems in IoT systems are quite unpredictable. The main objective of this paper is to identify and classify various security challenges faced by IoT users. Several types of security and privacy issues have been addressed in the present paper. This paper also presents a classification of security and privacy issues considered in different levels of IoT architecture.
... The downstream of machine learning examination is an expansion for the learning approach yet to be considered [14]. Larger number of IoT devices connected with the Internet creates an issue of security and makes the situation vulnerable to the Botnet attack [15]. Approach is well suited for detecting compromised IoT devices, because these connected appliances are typically task-oriented. ...
In an Internet of Things (IoT) environment, any object, which is equipped with sensor node and other electronic devices can involve in the communication over wireless network. Hence, this environment is highly vulnerable to Botnet attack. Botnet attack degrades the system performance in a manner difficult to get identified by the IoT network users. The Botnet attack is incredibly difficult to observe and take away in restricted time. there are challenges prevailed in the detection of Botnet attack due to number of reasons such as its unique structurally repetitive nature, performing non uniform and dissimilar activities and invisible nature followed by deleting the record of history. Even though existing mechanisms have taken action against the Botnet attack proactively, it has been observed failing to capture the frequent abnormal activities of Botnet attackers .When number of devices in the IoT environment increases, the existing mechanisms have missed more number of Botnet due to its functional complexity. So this type of attack is very complex in nature and difficult to identify. In order to detect Botnet attack, Heterogeneous Ensemble Stacking PROSIMA classifier is proposed. This takes advantage of cluster sampling in place of conventional random sampling for higher accuracy of prediction. The proposed classifier is tested on an experimental test setup with 20 nodes. The proposed approach enables mass removal of Botnet attack detection with higher accuracy that helps in the IoT environment to maintain the reliability of the entire network.
... There are many IRC commands which are supported by this bot which includes "PRIVMSG" which is used to instruct the bot to do some malicious actions like downloading unnecessary files, flooding, Telnet Scanning, etc. Some of the features which have been seen on this malware are the capability to kill other processes, this majorly includes killing other malware instances [11]. This malware penetrates themselves into the network because of the vulnerabilities in security routers, with the help of which it gains access to the complete network. ...
Internet of Things is used for those devices, which are connected over a network, once the devices are connected to the internet they are known as smart devices. These devices share information and communicate with each other to influence our day to day lives. Due to the rise in these devices, security is compromised. Malware is malicious software that can damage the computer, server, or network intentionally. Malware can also exploit the confidentiality, integrity, availability (CIA) triad. Rather than the traditional malware, IoT malware can damage different internet connected devices such as routers, DVRs, CCTV, or many internets connected devices. The IoT devices are more vulnerable due to weak passwords, missing authentication schemes, backdoor entries, lack of high-security algorithms, and plug and play services. There is no widespread survey available about IoT malware in an efficiently organized manner, publicly. In this article, we have classified the IoT malware according to their release and provide on the basis of their functionalities, growth, revolution, and their detection mechanism. We perform DDoS attack on Raspberry PI to hamper the home automation system. We employ Wireshark to monitor network traffic and demonstrate the service unavailability.
... The N-BaIoT datasets contain 115 features and around seven million instances. With the increase of the IoT cyber attacks, which turns out the Internet of Things into the internet of vulnerabilities, the adversaries rely on using botnets to exploit such vulnerabilities [27]. The generation of malicious IoT traffic for the N-BaIoT datasets is performed by compromising nine commercial devices by two wellknown IoT-based botnets: The BASHLITE botnet and the Mirai botnet. ...
Convolutional Neural Networks (CNNs) models are one of the most frequently used deep learning networks, and extensively used in both academia and industry. Recent studies demonstrated that adversarial attacks against such models can maintain their effectiveness even when used on models other than the one targeted by the attacker. This major property is known as transferability, and makes CNNs ill-suited for security applications. In this paper, we provide the first comprehensive study which assesses the robustness of CNN-based models for computer networks against adversarial transferability. Furthermore, we investigate whether the transferability property issue holds in computer networks applications. In our experiments, we first consider five different attacks: the Iterative Fast Gradient Method (I-FGSM), the Jacobian-based Saliency Map (JSMA), the Limited-memory Broyden Fletcher Goldfarb Shanno BFGS (L-BFGS), the Projected Gradient Descent (PGD), and the DeepFool attack. Then, we perform these attacks against three well-known datasets: the Network-based Detection of IoT (N-BaIoT) dataset, the Domain Generating Algorithms (DGA) dataset, and the RIPE Atlas dataset. Our experimental results show clearly that the transferability happens in specific use cases for the I-FGSM, the JSMA, and the LBFGS attack. In such scenarios, the attack success rate on the target network range from 63.00% to 100%. Finally, we suggest two shielding strategies to hinder the attack transferability, by considering the Most Powerful Attacks (MPAs), and the mismatch LSTM architecture.
Deep learning-based traffic anomaly detection methods are usually fed with high-dimensional statistical features. The greatest challenges are how to detect complex inter-feature relationships and localize and explain anomalies that deviate from these relationships. However, existing methods do not explicitly learn the structure of existing relationships between traffic features or use them to predict the expected behavior of traffic. In this work, we propose a network flow-based IoT anomaly detection approach. It extracts traffic features in different channels as time series. Then a graph neural network combined with a structure learning approach is used to learn relationships between features, which allows users to deduce the root cause of a detected anomaly. We build a real IoT environment and deploy our method on a gateway (simulated with Raspberry PI). The experiment results show that our method has excellent accuracy for detecting anomaly activities and localizes and explains these deviations.KeywordsDeep learningAnomaly detectionInternet-of-thingsNetwork flowGraph neural network
Edge computing reduces network latency and improves service responsiveness by bringing services down to the edge. Compared to servers in the cloud center, edge devices are deployed more decentralized. Also, due to size and resource constraints, edge devices are difficult to manage or update security patches uniformly in real time. It makes it easier for malicious traffic to affect the security of the edge environment. In this paper, we propose a container migration method based on malicious traffic detection. We build a graph using the graph structure features of network flows to instantly detect the attacked nodes in the network and obtain the list of container services to be migrated. Considering energy consumption and network load balancing, a genetic algorithm based on non-dominated ranking is used to generate a strategy for container migration for edge networks.KeywordsContainer MigrationEdge ComputingMulti-Objective Optimization
The upward trend in the percentage of the population older than 65 has made smart aging more relevant than ever before. Growing old in a traditional assisted living facility can take a toll on the mental well-being of the elderly individual, on top of other factors like extravagant costs, potential negligence from caregivers, and a ceaseless demand for healthcare personnel. Aging in one’s own space instead of a senior residence is the desirable alternative thanks to enabling technologies like the Internet of Things (IoT). The IoT facilitates connected healthcare, safety, entertainment, and social well-being of the older population. However, it suffers from a multitude of security vulnerabilities. Although researchers have investigated the security challenges of several IoT ecosystems, IoT systems in the context of smart aging care have not been well studied from a security perspective. In this paper, we present an in-depth analysis of smart aging care system security issues. A smart aging care system is essentially a superset of smart homes and healthcare monitoring systems. The sheer variety of technologies at play and the amount of data generated, combined with physical vulnerabilities and a lack of technological exposure of the intended occupant group put smart aging care systems at great risk. Attacks against relatively benign smart home devices can bring serious consequences because of the context in which these devices are employed. Thus, the purpose of our study is four-fold: (i) defining the components and functionalities of a smart aging care system, (ii) identifying security vulnerabilities and outlining suitable countermeasures for them, (iii) analyzing how the attacks uniquely impact senior users’ Quality of Life (QoL), (iv) highlighting avenues for future research and how the threat landscape in smart aging care systems differ from general smart homes.
The devices forming Internet of Things (IoT) networks need to be re-programmed over the air, so that new features are added, software bugs or security vulnerabilities are resolved, and their applications can be re-purposed. The limitations of IoT devices, such as installation in locations with limited physical access, resource-constrained nature, large scale, and high heterogeneity, should be taken into consideration for designing an efficient and reliable pipeline for over-the-air programming (OTAP). In this work, we present a survey of OTAP techniques, which can be applied to IoT networks. We highlight the main challenges and limitations of OTAP for IoT devices and analyze the essential steps of the firmware update process, along with different approaches and techniques that implement them. In addition, we discuss schemes that focus on securing the OTAP process. Finally, we present a collection of state-of-the-art open-source and commercial platforms that integrate secure and reliable OTAP.
Internet of Things (IoT) devices are becoming an integral part of our lives. Although IoT is bringing convenience to control devices through smartphones, they are also vulnerable to security breaches. In this paper, we demonstrated the vulnerabilities by conducting Denial-of-Service (DoS) attack on some commonly available IoT devices that were easily identified after scanning the home network. After the DoS attack, the performance of those affected devices is analyzed. For the test purpose, we have considered a hypothetical situation where we have assumed that an attacker has gained access to the home network already. Overall if the attacker has some knowledge and the appropriate attack tools after they get access to the network, they can use those tools to render an attack on the IoT devices. These attacks may either make those devices useless or can alter the performance of the devices and can even steal sensitive information. This can have a serious impact on the safety of the users of the devices. As test subjects, we have used Google Home Mini, Lenovo Smart Plug, and Samsung Powerbot Vacuum as our IoT devices.
The IoT security attacks are increasing because of the inefficiency of installed security mechanisms and growth in the industry. One of the prominent attacks is IoT botnet attacks (IBA). There are multiple types of botnet attacks. The detection of IBA will help to resolve the security breaches and limitations of the security mechanisms. The research work is the empirical evaluation of machine learning classifiers for multi-class classification of IBA with various cross-validation (CV) approaches. The occurrence of each class instance in the training phase makes a significant impact on model prediction. The participation of each class instance is ensured by CV techniques. The validation techniques used for performance evaluation are K-fold cross-validation (KCV) and stratified K-fold cross-validation (SKCV). Rather than doing the detection of IoT attacks on simulated or emulated data, the classifiers implement an experimental evaluation of real-time traffic data.
Protecting IoT networks and infrastructure is one of the top priorities in today's computing industry because of the unnerving and exponential development in cyberattacks and security breaches in IoT. Lightweight IoT networks had been one of the easiest targets for attackers in botnet formation and distributing malware. The research in the paper identifies IoT networks formed by devices with minimal computing resources, such as less battery life, processing power, memory, and more importantly, minimal security, protecting infrastructure, and defense mechanisms, as being lightweight IoT networks that are easily vulnerable to DDoS attacks and disseminating malware. It is investigated by many researchers that development and progress in intrusion detection systems is the need of an hour to safeguard lightweight IoT networks. The manuscript proposes a lightweight Intrusion detection system with a novel data pre-processing technique while using machine learning and deep learning classifiers. The manuscript introduces various types of classifiers, employed to form lightweight intrusion detection systems well suited for protection against Distributed Denial of Services attacks in IoT networks. The datasets used for the experiments and investigation are BOT-IoT and the Network dataset of TON-IoT by the University of New South Wales Sydney (UNSW) Australia. DDoS attack instances are derived from both datasets. Two different experiments are performed on each dataset i.e.; for binary classifications of attack labels, one experiment for all attacks, and another experiment for the DDoS attack only in both datasets. Attack classes in the BOT-IoT dataset compared with the TON-IoT dataset are highly imbalanced. We have used Synthetic Minority oversampling Technique (Smote()) variants for class balancing in the experiments performed on the BOT-IoT dataset.
Ultrashort pulses with exceptionally broad bandwidth and low power are transmitted and received by ultrawideband radar systems. While these features make UWB radars safe for use around people and compatible with other equipment, they also make it more difficult to detect the echo signal they produce. As a result, the radar antenna is crucial in UWB systems; in fact, it must be able to meet the broad band of frequency response and directivity requirements simultaneously. It is suggested that a radiated beam or gadgets worn on the body be used to minimize “losses” to the surroundings. In UWB imaging devices, a very narrow pulse is broadcast from a UWB antenna to penetrate the body. When the pulse travels through several tissues, reflections and scattering take place at the interfaces. Special attention should be paid to the diffused signal from a tumor-initiating small-tissue sample.
Internet de las Cosas (IoT) es un entorno de comunicación que conecta componentes tecnológicos diversos en una arquitectura integrada para el proce-samiento y control de funcionalidades del mundo físico y digital. Este contexto, de amplio impacto social, también está a disposición de la delincuencia virtual. En este contexto se propone una guía de acción para el análisis forense cuando se deba buscar evidencia digital en entornos IoT. El trabajo aborda la aplicación de una Guía de Actuación Forense para Entornos IoT en un caso ejemplo que analiza vulnerabilidades y el proceso de recolección de la evidencia digital nece-saria, para finalizar con un conjunto de recomendaciones con impacto en la me-jora de la calidad de la arquitectura de seguridad del modelo IoT.
Anomaly detection in smart homes is paramount in the prevailing information age as smart devices remain susceptible to sophisticated cyber-attacks. Hackers exploit vulnerabilities such as weak passwords and insecure, unencrypted data transfer to launch Distributed Denial of Service (DDoS) attacks. Sensible deployment of conventional security measures is jeopardized by the heterogeneity and resource constraints of smart devices. This article presents a novel approach that leverages the power consumption of Internet of Things (IoT) devices to detect anomalous behavior in smart home environments. We prototype a smart camera using Raspberry Pi and gather power traces for normal activity. Furthermore, we model DDoS attacks on the experimental setup and generate attack traces of power consumption. Besides, we compare the performances of several machine learning models for accurate prediction of the presence of anomalies. A deep feed-forward neural network model achieves an accuracy of 99.2% compared to other models. Empirical evaluations of the proposed concept affirm that power consumption is a promising parameter in detecting anomalies in smart homes. The proposed method is suitable for smart homes as it does not impose additional overhead on resource-constrained IoT devices.
The Internet of Things (IoT) is a network of physical objects or “things” implanted with electronics, software, sensors, and connectivity to allow them to exchange data with servers, centralized systems, and other connected devices using several communication systems. IoT data is assembled from various sensors, nodes, and collectors and sent to the cloud. It is the most reliable framework for improving the quality and comfort of human life. It has made a substantial contribution to a wide range of applications. By 2020, it is expected that 31 billion IoT devices will be deployed worldwide. The rapid growth of smart devices and their reliance on wireless mechanics for data transfer have increased their vulnerability to cyberattacks. As a result, studying IoT security dangers and viable countermeasures can aid academics in discovering acceptable solutions to various cybercrime investigation challenges. In this study, various security vulnerabilities at each layer are also examined in‐depth and corrective options for smart city applications and Industry 4.0. A comparison analysis of IoT/IIoT wireless communication features and security challenges in IoT systems is also part of this study. The relevance of IoT forensics in cybercrime investigation in many areas such as smart homes, smart cities, automated cars, and healthcare is also discussed in this study. This article presents IoT security concerns and open issues, laying the groundwork for future research. In this study, various security vulnerabilities at each layer are also examined in‐depth, as well as corrective options for smart city applications and Industry 4.0. The relevance of IoT forensics in cybercrime investigation in many areas such as smart homes, smart cities, automated cars, and healthcare are also discussed in this study.
The steady diminishment of hardware and growth in energy competence has made viable, the combination of acumen obsessed by usual gadgets. This fashion of enhancing so-referred to as non intellectual unremarkable devices with calculation abilities have led to the development of the IoT-domain. By means of widespread variety of applications, such as domestic mechanization, and vital substructure supervision, the IoT structures make convincing objectives for cyber outbreaks. So as to correctly conciliate these organizations, challengers hire diverse superior chronic menace (APT) techniques, among them one such cultured method is being botnets.
There has been an overwhelming increase of connected Internet of Things (IoT) devices on the market in recent years, and the number is rapidly growing. The applications for IoT are nearly endless, and the emergence of house assistants made IoT available for the masses and everyday consumers. With this exponential growth come challenges, and one of the most pressing is perhaps the risk of privacy breach. These small IoT devices rarely have any real computing power, and therefore are rarely equipped with antivirus software or other safeguards. Most IoT devices rely on the same communication protocols that they have always used, and with the evolution of the internet of things, and the internet in general, there are revealed new vulnerabilities everyday due to little or no effort to update or patch the existing software in these devices. Even the companies that publish their device specifications and information, leave it almost impossible for the user to understand, or even find said information. With the Risk Assessment model, this research aims to give the users of smart devices a tool to determine the potential risks that are involved with the internet of things and the many different smart devices.KeywordsInternet of ThingsPrivacySmart household
People and urban economies have benefited greatly from smart cities' better quality of life and services. They have complete power over physical objects in real-time and can provide intelligent information to people in areas such as transportation, healthcare, building automation, public safety, smart parking, and traffic systems, as well as smart agriculture. Smart city apps have the ability to collect confidential data. At different levels of the architecture, nevertheless, various security and privacy issues can arise. As a result, it's important to consider these security and privacy concerns when developing and implementing applications. The key applications of smart cities are highlighted in this paper and the major security and privacy problems in the design of smart city applications. It discusses some of the latest protection and privacy strategies for information-centric smart city applications and potential research issues that must be identified for performance enhancement.KeywordsEdge computingPrivacyFog computingIoTSmart cityCyber-attacksEncryption
Today, the Internet of Things (IoT) is extending due to a wide range of applications and services. The variety of devices connected to the internet, the discussion of security on these networks is a challenging issue. Security includes diverse aspects such as botnets. Botnets are a set of devices such as smartphones, computers, and others polluted by a program. This program, which is a bot herder, performs many deleterious operations and leads to various anomalies in the network. Identifying botnets due to their unique complexity is one of the main challenges in IoT security. In this paper, we propose a model for identifying botnets in the internet of things. The proposed method is based on selecting features using the modified League Championship Algorithm (LCA) and constructing the model using artificial neural networks. Feature selection speeds up the learning process and increases the resolution of botnets. The proposed method is simulated using MATLAB. The results reveal that the proposed method can make a better detection method than other schemes, and our modified version selects an optimal subset of features. As a result, it is an efficient model.
Botnets are a group of compromised devices taken over and commanded by a malicious actor known as a botmaster. In recent years botnets have targeted Internet of Things (IoT) devices, significantly increasing their ability to cause disruption due to the scale of the IoT. One such IoT-based botnet was Mirai, which compromised over 140,000 devices in 2016 and was able to conduct attacks at speeds over 1 Tbps. The dynamic structure and protocols used in the IoT may potentially render conventional botnet detection techniques described in the literature incapable of exposing compromised devices. This paper discusses part of a larger project where traditional botnet detection techniques are evaluated to demonstrate their capabilities on IoT-based botnets. This paper describes an experiment involving the reconstruction of a traditional botnet detection technique, BotMiner. The experimental parameters were varied in an attempt to exploit potential weaknesses in BotMiner and to start to understand its potential performance against IoT-based botnets. The results indicated that BotMiner was able to detect IoT-based botnets surprisingly well in various small-scale scenarios, but produced false positives in more realistic, scaled-up scenarios involving IoT devices that generated traffic similar to botnet commands.KeywordsBotnetInternet of ThingsMiraiBotMinerDetection
Someone just used the Mirai Botnet to knock an entire country Offline Source: http://www.forbes.com/sites/leemathewssomeone-just-used-the-mirai-botnet-t [38] JanitaDDoS Attack halts heating in Fin- land amidst winter
- L. Mathews Forbes
L. Mathews, "Someone just used the Mirai Botnet to knock
an entire country Offline," in Forbes, Forbes, 2016. Source:
http://www.forbes.com/sites/leemathews/2016/11/03/someone-just-used-the-mirai-botnet-t
[38] Janita,
"DDoS
Attack
halts
heating
in
Fin-
land
amidst
winter,"
in
Metropolitan,
2016.
Source:
http://metropolitan.fi/entry/ddos-attack-halts-heating-in-finland-amidst-winter.
Russian Banks Become Latest Victim of Mirai Cyberattacks
- A Cuthbertson
A. Cuthbertson, "Russian Banks Become Latest Victim of Mirai
Cyberattacks," in Newsweek, Newsweek Europe, 2016. Source:
http://www.newsweek.com/russian-banks-become-latest-victim-mirai-cyberattack-botnet-5
New Windows Trojan Spreads MIRAI Malware To Hack More IoT Devices
S. Khandelwal, "New Windows Trojan Spreads MIRAI
Malware To Hack More IoT Devices", February 2017. Source:
http://thehackernews.com/2017/02/mirai-iot-botnet-windows.html.
Russia: Hackers target financial sector
- M Beinart
M. Beinart, "Russia: Hackers target financial sector," in
Organized Crime and Corruption Reporting Project, 2016. Source:
https://www.occrp.org/en/daily/5790-russia-hackers-target-major-russian-banks.
The Internet of things is growing faster than the ability to defend it
- L Greenemeier
L. Greenemeier, "The Internet of things is growing faster
than the ability to defend it," Scientific American, 2016. Source:
https://www.scientificamerican.com/article/iot-growing-faster-than-the-ability-to-defend-it/.
New IoT Botnet Malware borrows from Mirai
- M Mimoso
- C Brook
- T Spring
M. Mimoso, C. Brook, and T. Spring, "New IoT Botnet
Malware borrows from Mirai," Threatpost, 2016. Source:
https://threatpost.com/new-iot-botnet-malware-borrows-from-mirai/121705/.
Mutating Qbot worm Infects over 54, 000 PCs at organizations worldwide
- G Cluley
G. Cluley, "Mutating Qbot worm Infects over 54, 000 PCs
at organizations worldwide," in Tripwire, Tripwire, 2016. Source:
https://www.tripwire.com/state-of-security/featured/qbot-malware/.
Who makes the IoT things under attack?
- B Krebs
B. Krebs, "Who makes the IoT things under attack?", 2016. Source:
https://krebsonsecurity.com/2016/10/who-makes-the-iot-things-under-attack/.
More insights on alleged DDoS attack against Liberia using Mirai Botnet
- M Kumar
M. Kumar, "More insights on alleged DDoS attack against Liberia using
Mirai Botnet," in The Hacker News, The Hacker News, 2016. Source:
https://thehackernews.com/2016/11/ddos-attack-mirai-liberia.html.
Hacker claims to take down Russian bank Websites on election day Source: http://motherboard.vice.com/read/hacker-claims-to-take-down-russian-bank-websites-on-e [50The Internet of Things: New Threats Emerge in a Connected World
- J Cox
J. Cox, "Hacker claims to take down Russian bank Websites
on election day," in Motherboard, Motherboard, 2016. Source:
http://motherboard.vice.com/read/hacker-claims-to-take-down-russian-bank-websites-on-e
[50] "The Internet of Things: New Threats Emerge in a
Connected World," in Symantec, Symantec, 2014. Source:
https://www.symantec.com/connect/blogs/internet-things-new-threats-emerge-connected-w
Breaking Down Mirai: An IoT DDoS Botnet Analysis
- I Zeifman
- D Bekerman
- B Herzberg
I. Zeifman, D. Bekerman, and B. Herzberg, "Breaking Down
Mirai: An IoT DDoS Botnet Analysis," in Imperva. Source:
https://www.incapsula.com/blog/malware-analysis-mirai-ddos-botnet.html.
Gartner Says 6.4 Billion Connected 'Things' Will Be in Use in 2016, Up 30 Percent From
- R Van Der Meulen
R. van der Meulen, "Gartner Says 6.4 Billion Connected 'Things' Will
Be in Use in 2016, Up 30 Percent From 2015," in Gartner, 2015. Source:
http://www.gartner.com/newsroom/id/3165317.
Popular Internet of Things Forecast of 48 Billion Devices by 2020 Is Outdated
- A Nordrum
A. Nordrum, "Popular Internet of Things Forecast of 48
Billion Devices by 2020 Is Outdated", August 2016, Source:
http://spectrum.ieee.org/tech-talk/telecom/internet/popular-internet-of-things-forecast-of-48-billion-devices-by-2020-is-outdated
Unlocking the Potential of the Internet of Things
- Mckinsay Global Institute
McKinsay
Global
Institute,
"Unlocking
the
Potential
of
the
Internet
of
Things",
June
2015,
Source:
http://www.mckinsey.com/industries/high-tech/our-insights/the-internet-of-things-the-value-of-digitizing-the-physical-world
Hydra IRC bot, the 25 minute overview of the kit
- Infodox
Infodox, "Hydra IRC bot, the 25 minute overview of the kit", 2011,
Source: http://insecurety.net/?p=90
Shadows Kill' -Mirai DDoS botnet testing large scale attacks, sending threatening messages about UK and attacking researchers
- K Beaumont
K. Beaumont, "'Shadows Kill' -Mirai DDoS botnet testing
large scale attacks, sending threatening messages about UK
and attacking researchers" in Medium, Medium, 2016. Source:
https://medium.com/@networksecurity/shadows-kill-mirai-ddos-botnet-testing-large-scale
Someone just used the Mirai Botnet to knock an entire country Offline
- L Mathews
L. Mathews, "Someone just used the Mirai Botnet to knock
an entire country Offline," in Forbes, Forbes, 2016. Source:
http://www.forbes.com/sites/leemathews/2016/11/03/someone-just-used-the-mirai-botnet-t
DDoS Attack Takes Down Central Heating System Amidst Winter in Finland
- M Kumar
M. Kumar, "DDoS Attack Takes Down Central Heating System Amidst
Winter in Finland," in The Hacker News, The Hacker News, 2016. Source:
http://thehackernews.com/2016/11/heating-system-hacked.html.
Hackers use DDoS Attack to Cut Heat to Apartments
- L Mathews
L.
Mathews,
"Hackers
use
DDoS
Attack
to
Cut
Heat to Apartments," in Forbes, Forbes, 2016. Source:
http://www.forbes.com/sites/leemathews/2016/11/07/ddos-attack-leaves-finnish-apartments
Flashpoint -flashpoint monitoring of Mirai shows attempted DDoS of trump and Clinton Websites
- A Nixon
- J Costello
- R Tokazowski
A. Nixon, J. Costello, and R. Tokazowski, "Flashpoint -flashpoint
monitoring of Mirai shows attempted DDoS of trump and Clinton
Websites," in Flashpoint Cybercrime, Flashpoint, 2016. Source:
https://www.flashpoint-intel.com/attempted-ddos-trump-and-clinton-websites/.
Hackers Target Pro-Clinton Phone Banks -But Hit Trump's Too
- A Greenberg
A. Greenberg, "Hackers Target Pro-Clinton Phone Banks
-But Hit Trump's Too," in Wired, WIRED, 2016. Source:
https://www.wired.com/2016/11/hackers-target-pro-clinton-phone-banks-hit-trumps/.
WikiLeaks Releases DNCLeak2
- A Uzunovic
A.
Uzunovic,
"WikiLeaks
Releases
DNCLeak2;
Internet of Things Research Study
HP, "Internet of Things Research Study", 2014, Source:
http://go.saas.hpe.com/l/28912/2015-07-21/32bhy3/28912/69168/IoT_Report.pdf
Russian banks floored by withering DDoS attacks
- L John
L.
John,
"Russian
banks
floored
by
withering
DDoS
attacks,"
in
The
Register,
2016.
Source:
http://www.theregister.co.uk/2016/11/11/russian_banks_ddos/.
Hacker claims to take down Russian bank Websites on election day
- J Cox
J. Cox, "Hacker claims to take down Russian bank Websites
on election day," in Motherboard, Motherboard, 2016. Source:
http://motherboard.vice.com/read/hacker-claims-to-take-down-russian-bank-websites-on-e
BASH-LITE family of Malware Infects 1 Million IoT devices
- T Spring
- K Carpenter
- M Mimoso
T.
Spring,
K.
Carpenter,
and
M.
Mimoso,
"BASH-LITE family
of
Malware
Infects
1
Million
IoT
devices,"
in
Threat
Post,
Threatpost,
2016.
Source:
https://threatpost.com/bashlite-family-of-malware-infects-1-million-iot-devices/120230/.
Source code for IoT Botnet 'Mirai' released
- B Krebs
B.
Krebs,
"Source
code
for
IoT
Botnet
'Mirai'
released,"
in
KrebsonSecurity,
2016.
Source:
https://krebsonsecurity.com/2016/10/source-code-for-iot-botnet-mirai-released/.
A new study shows the internet is far more vulnerable to attacks than previously thought
- A Cuthbertson
A. Cuthbertson, "A new study shows the internet is
far more vulnerable to attacks than previously thought,"
in
News
Week,
Newsweek
Europe,
2016.
Source:
http://www.newsweek.com/internet-things-devices-cybersecurity-hackers-ddos-515437.
Mirai (DDoS) source code review
- C Barker
C.
Barker,
"Mirai
(DDoS)
source
code
review,"
in
Medium,
Medium,
2016.
Source:
https://medium.com/@cjbarker/mirai-ddos-source-code-review-57269c4a68f#.1n4ecpxz4.
Alert (TA16-288A) : Heightened DDoS Threat Posed by Mirai and Other Botnets
- Us-Cert
US-CERT, "Alert (TA16-288A) : Heightened DDoS Threat
Posed by Mirai and Other Botnets", October 2016, Source:
https://www.us-cert.gov/ncas/alerts/TA16-288A
Hacked Cameras, DVRs Powered Today's Massive Internet Outage
- B Krebs
B.
Krebs,
"Hacked
Cameras,
DVRs
Powered
Today's
Massive
Internet
Outage",
2016.
Source:
https://krebsonsecurity.com/2016/10/hacked-cameras-dvrs-powered-todays-massive-intern
FTC Charges D-Link Put Consumers' Privacy at Risk Due to the Inadequate Security of Its Computer Routers and Cameras
- Ftc Press Release
FTC Press Release, "FTC Charges D-Link Put Consumers' Privacy at Risk Due to the Inadequate Security
of Its Computer Routers and Cameras", 5 January 2017,
https://www.ftc.gov/news-events/press-releases/2017/01/ftc-charges-d-link-put-consumers
Who is Anna-Senpai, the Mirai Worm Author?
- B Krebs
B.
Krebs,
"Who
is
Anna-Senpai,
the
Mirai
Worm
Author?",
January
2017,
Source:
https://krebsonsecurity.com/2017/01/who-is-anna-senpai-the-mirai-worm-author/