Article

Heimdall: Mitigating the Internet of Insecure Things

Authors:
  • Microsoft Security

... The most relevant existing research is [21], where authors secure IoT devices from botnet attacks using device profiling at gateway level. For each monitored device a profile was created on the gateway, consist of IPs that can communicate with the respective device. ...
... But our proposed framework has certain distinctions. Firstly, [21] proposed one level of security, create a profile of white listed IPs and only allow them to communicate with the respective device. Such defense mechanism has certain flaws; malicious IP can be part of white-list and malicious communication can be carried out by a trusted IP. ...
... In this way any malicious communication from even allowed IPs will be identified and blocked. Secondly [21] proposed only for botnet attacks defense, but our proposed framework will cover larger attack vector; scanning attack, protocol vulnerabilities exploitation etc. Finally, we propose an easy way of creating and managing device sphere. ...
Preprint
Full-text available
In this research we propose a framework that will strengthen the IoT devices security from dual perspectives; avoid devices to become attack target as well as a source of an attack. Unlike traditional devices, IoT devices are equipped with insufficient host-based defense system and a continuous internet connection. All time internet enabled devices with insufficient security allures the attackers to use such devices and carry out their attacks on rest of internet. When plethora of vulnerable devices become source of an attack, intensity of such attacks increases exponentially. Mirai was one of the first well-known attack that exploited large number of vulnerable IoT devices, that bring down a large part of Internet. To strengthen the IoT devices from dual security perspective, we propose a two step framework. Firstly, confine the communication boundary of IoT devices; IoT-Sphere. A sphere of IPs that are allowed to communicate with a device. Any communication that violates the sphere will be blocked at the gateway level. Secondly, only allowed communication will be evaluated for potential attacks and anomalies using advance detection engines. To show the effectiveness of our proposed framework, we perform couple of attacks on IoT devices; camera and google home and show the feasibility of IoT-Sphere.
... [34] also enforces MUD rules in OpenFlow switches, however the focus of their work is determining how many rules can be installed at a switch, and how a proactive or reactive approach reacts to IoT network traffic. [13] leverages an online information aggregator (VirusTotal) to determine whether a destination (IP address) should be added to a whitelist or the communication should not be allowed. Their solution does not use the MUD standard and runs on OpenWRT router, and does not enforce rate limiting. ...
... In our work, we present an integrated system that enforces MUD rules in order to avoid IoT devices contacting destinations that are not in the MUD file. [11,13,14,34] focus on traffic filtering based on source/destination address of the packets, and do not consider bandwidth or data rate. ...
... A number of research studies have motivated detection techniques using IoT environment. On the contrary, some research studies have focused on a variety of storage techniques as follows: Habibi et al. (Habibi et al., 2017) used the principle of constructing two layers of IDS, which depends on working correctly. Jan et al. (Jan et al., 2019) proposed a lightweight machine learning depended on an SVM IDS by using three features only for classification. ...
... Others concentrated on a variety of storage techniques, such as storing source and destination IP addresses and traffic sensitivity. To check the source and destination of any packet for IoT devices in whitelist databases and online associated domains, Habibi et al. (Habibi et al., 2017) utilized the principle of constructing two layers of IDS, which depends on working correctly. Despite the fact that this is a terrific idea, they did not employ machine learning to dynamically update the whitelist and instead relied on VirusTotal to identify new or unlisted threats. ...
... But the efforts to mitigate the security issues in these devices have not accompanied the overwhelming adoption of such devices. According to a study by Hewlett-Packard (HP) [11], an IoT device has an average of 25 vulnerabilities. For example, on a testbed that comprises IoT devices, and only considering password security, only 20% of such devices ensured a strong password as a mandatory requirement [11]. ...
... According to a study by Hewlett-Packard (HP) [11], an IoT device has an average of 25 vulnerabilities. For example, on a testbed that comprises IoT devices, and only considering password security, only 20% of such devices ensured a strong password as a mandatory requirement [11]. ...
... Habibi et al. [35] proposed a software solution called Heimdall that they implemented on a Linksys router. This solution is in two parts, a traffic manager which continuously validated traffic and a whitelist manager that managed allowed and blocked addresses. ...
... Papers that are in the solution phase like [30], [36], [39] and [41] take their research a step further, comparing algorithms against malware to measure effectiveness. Finally, operational phase papers such as [34], [35], [38] and [55] provide more fully-fledged mitigation solutions to the IoT botnet problem, having built on previous research. ...
Article
Full-text available
Since the Mirai botnet attacks in 2016 research into the Internet of Things (IoT) botnet malware has increased substantially. IoT botnet relevant threats continue to rise, impacting businesses and users. This paper aims to contribute to the problem space by compiling and synthesizing the relevant literature over the last five years to provide an overview of the most recent advances in IoT botnets, their detection and prevention, and laying down the future research directions required to better address this ever growing threat.
... So far, more models or mechanisms are there in dice for detecting the attacks [11][12][13][14] ; however, the traditional mechanisms are often do not satisfy the specific needs of the IoT like distribution, scalability, resource limitations, and less latency. Further, in IoT, a count of control operations is done between a various set of devices, which often supports intelligent processing and decision making [15][16][17][18] as well in autonomous manner through the linking of communication devices and sensors. 19 This also grants greatest performance and reliability, along with ubiquity to IoT framework. ...
... 2. The hidden neuron's probability pr b is evaluated by identifying the product of visible vector a and weight matrix WE as pr b = σ(a. WE) as per in Equation 16. ...
Article
Full-text available
This paper introduces a new detection mechanism for defending the cyberspace with a new logic that aiding the concept of deep learning. The process involves two phases, namely, feature extraction and classification. The initial phase is the feature extraction, in which the features are extracted from the given input data by the renowned principal component analysis (PCA). Subsequently, the extracted features are subjected to the classification phase, where the deep belief network (DBN) model is used. The DBN model classifies the presence of attacks like denial of service (DoS), probe, R2L, and U2R. In order to make the performance more excellent, this paper diverts the strategy to a new concept termed “Optimization Concept.” Here, the hidden neuron of DBN is optimally selected by a new algorithm termed novel mutation rate‐based lion algorithm (NMR‐LA), which is the modified model of lion algorithm (LA). The performance of proposed algorithm NMR‐LA is compared over the conventional models in terms of both positive and negative measures like accuracy, sensitivity, specificity, precision, negative predictive value (NPV), F1 score and Mathews correlation coefficient (MCC), false‐positive rate (FPR), false‐negative rate (FNR), and false‐discovery rate (FDR) and proves the betterments of proposed work. Immense IoT device connection makes the network corrupted by introducing new and variant attacks that might lose human life and million of dollars. This research work aims to detect these attacks in a new strategy that incorporates the concept of optimization for assuring the precise attack detection in the network. In order to improve the accuracy rate of classification, the hidden neuron of DBN is optimally selected by a new NMR‐LA.
... However, they do not address the security risks emerging from control devices. Habibi et al. [8] propose a more sophisticated approach by implementing whitelisting where policies are automatically learned and enforced by a proxy server deployed on a router. Besides allowed endpoints, their policies include statistical parameters, e. g., sent packets per minute. ...
... Similarly, Hamza et al. [9] combine Software-Defined Networking (SDN) and MUD to narrowly define and restrict IoT devices' behavior and forward non-complying traffic to an Intrusion Detection System. Like [8], this approach suffers from lacking consideration of threats in the same network. ...
Conference Paper
The tremendous success of the IoT is overshadowed by severe security risks introduced by IoT devices and smart-phone apps to control them. Therefore, academia and industry increasingly acknowledge the use of in-network security approaches, such as IETF Manufacturer Usage Description (MUD), to restrict undesired communication. However, actual communication patterns of smart homes are not sufficiently covered by such policy-based approaches. In this paper, we propose to enforce MUD on authenticated smartphones to efficiently filter malicious traffic close to its origin and hinder further spreading. Such enforcement allows us to successfully mitigate the threat of malicious apps and IoT devices in smart home networks.
... Habibi et al., (Habibi et al., 2017) proposed a whitelist-based intrusion detection technique specific to IoT devices. The proposal aims to prevent IoT devices from getting entangled in botnet activities, so it blocks DNS lookups to malicious sites at the gateway level. ...
... There have been numerous efforts of detected malware in IoT Devices. Javid et al, [8] proposed an IDS system that uses a whitelist to prevent IoT devices from connecting to malicious addresses and avoid communications with botnets Command and Control or private data leaks. However, tests with real botnet attacks were not carried out, and the IDS depends on the maintenance of the third-party systems. ...
Article
Full-text available
In the modern era of the internet, billions of IoT devices are connected to share valuable information across the networks. According to McKinsey Global Institute, there are twenty-seven IoT devices per second becoming part of the internet and it is expected that by 2025, the number will reach up to 64 billion IoT devices globally (research by Gartner). Such an enormous number of devices brings the concept of house automation and monitoring. House automation enables an individual to take timely actions in case of any emergency. Today's world is the victim of cybercrimes especially; IoT networks are a paradise for attackers. By considering all these challenges, in this research paper, the aim is to design, deploy and implement a secure house automation system. Firstly, the proposed solution provides remotely accessible integrated IoT resources for the safety and security of the building. By using Short Messaging System (SMS), the message is sent to the user by the Global System for Mobile (GSM) system. An SMS alert is sent to the user in case any sensor detects an abnormality in their operation. Secondly, an authentication mechanism is deployed to enable only authorized users to access resources. Thirdly, in case of a malicious approach in accessing IoT resources, a timely alert should be received by the owner. A Network Intrusion Detection System (NIDS) is deployed to detect and real-time inform in case of any suspicious activity while accessing the Internet of Things network.
Preprint
Full-text available
Firstly, the proposed solution provides remotely accessible integrated IoT resources for the safety and security of the building. By using Short Messaging System (SMS), the message is sent to the user by the Global System for Mobile (GSM) system. An SMS alert is sent to the user in case any sensor detects an abnormality in their operation. Secondly, an authentication mechanism is deployed to enable only authorized users to access resources. Thirdly, in case of a malicious approach in accessing IoT resources, a timely alert should be received by the owner. A Network Intrusion Detection System (NIDS) is deployed to detect and real-time information in case of any suspicious activity while accessing the Internet of Things network.
... The enforcement of traffic filtering at the local system or router or hub level is done by introducing filtering rules through iptables [33] or on SDN controllers [34], [35] or leveraging third-party online services to detect malicious destinations [36]. These works do not use eBPF and XDP to enforce traffic filtering. ...
Preprint
Full-text available
As the prevalence of Internet-of-Things (IoT) devices becomes more and more dominant, so too do the associated management and security challenges. One such challenge is the exploitation of vulnerable devices for recruitment into botnets, which can be used to carry out Distributed Denial-of-Service (DDoS) attacks. The recent Manufacturer Usage Description (MUD) standard has been proposed as a way to mitigate this problem, by allowing manufacturers to define communication patterns that are permitted for their IoT devices, with enforcement at the gateway home router. In this paper, we present a novel integrated system implementation that uses a MUD manager (osMUD) to parse an extended set of MUD rules, which also allow for rate-limiting of traffic and for setting appropriate thresholds. Additionally, we present two new backends for MUD rule enforcement, one based on eBPF and the other based on the Linux standard iptables. The reported evaluation results show that these techniques are feasible and effective in protecting against attacks and in terms of their impact on legitimate traffic and on the home gateway.
... 2) SRD: Communication Sources & Destinations: As opposed to PCs and smartphones, IoT devices normally communicate with a limited number of endpoints (IP destination) [85], e.g., for (de)activation from the cloud, retrieving firmware updates, and logging their status; thus, an increased number of destination endpoints might be indicative of attack traffic (e.g., sending messages to the botnet victims), while extraneous source IP addresses might indicate logging attempts into the device, as in Mirai [28]. Moreover, the set of destination IPs rarely changes over time [17]. ...
Preprint
Full-text available
IoT devices are known to be vulnerable to various cyber-attacks, such as data exfiltration and the execution of flooding attacks as part of a DDoS attack. When it comes to detecting such attacks using network traffic analysis, it has been shown that some attack scenarios are not always equally easy to detect if they involve different IoT models. That is, when targeted at some IoT models, a given attack can be detected rather accurately, while when targeted at others the same attack may result in too many false alarms. In this research, we attempt to explain this variability of IoT attack detectability and devise a risk assessment method capable of addressing a key question: how easy is it for an anomaly-based network intrusion detection system to detect a given cyber-attack involving a specific IoT model? In the process of addressing this question we (a) investigate the predictability of IoT network traffic, (b) present a novel taxonomy for IoT attack detection which also encapsulates traffic predictability aspects, (c) propose an expert-based attack detectability estimation method which uses this taxonomy to derive a detectability score (termed `D-Score') for a given combination of IoT model and attack scenario, and (d) empirically evaluate our method while comparing it with a data-driven method.
... Heimdall. Habibi et al. [28] propose a network-based, anomaly-based, and centralized IDS with an IP access control approach. In detail, the IDS is lo- ...
Chapter
This chapter focuses on techniques to detect attacks on internet of things (IoT) devices. It reviews intrusion detection systems (IDSes) proposed for IoT devices and categorizes the IDSes according to the research challenges they aim to address and their core techniques. The chapter also categorizes the IDSes based on the threats that they aim to prevent, such as routing attacks in IPv6 over low‐power wireless personal area networks (6LoWPAN). It describes the IDSes concerning: from where the IDS collects logs to be analyzed (i.e. host‐based or network‐based); the type of architectures the IDS uses (i.e. centralized, decentralized, or distributed); and the type of detection mechanism that the IDS relies on (i.e. signature‐based, anomaly‐based, or hybrid). The IDSes that deal with complex attacks should enable the protection of IoT devices from advanced threats.
... Security and privacy concerns arise especially with new business models requirements which push the market to produce cheap plug and play devices (McDermott et al., 2018). This is expected to lead to rapid creation of insecure connected devices over computer networks, a thing that will certainly arise the threats of another paradigm shift to an internet of insecure things (Habibi et al., 2017). Integrating multiple functions within different IoT platforms will have its impact on the operation of critical appliances and systems in all fields, such as health, industry, military, defense, agriculture and many others. ...
... The majority of devices that are linked to the internet do not have effective methods for security, and as a result, they are vulnerable to a variety of privacy and security concerns, including confidential access, integrity, and authenticity, amongst others. When it comes to the Internet of Things, there are certain security standards that need to be met in order to protect the network from malicious assaults [56]. ...
Article
Full-text available
In spite of the benefits afforded by wireless communications networks, maintaining the confidentiality and safety of wireless networks remains a significant obstacle and source of worry. The principal uses of wireless communication networks are found in the military, commercial, retail, transportation, healthcare, and many other fields; these systems utilise wired, cellular, or ad hoc networks. Other applications of wireless communication networks include: In recent years, a substantial amount of research attention has been focused on the Internet of Things (IoT). Looking forward, the IoT will play an important role and will affect our lives as well as the standards and business models that we now use. It is anticipated that the usage of IoT in a variety of applications would significantly rise during the next several years. The Internet of Things makes it possible for billions of different individuals, equipment, and services to connect with one another and share information. IoT networks are becoming more vulnerable to a wide variety of security threats as their usage continues to grow. In order to provide identification, secrecy, access control, and integrity, among other things, effective security and privacy protocols are an absolute need for Internet of Things (IoT) networks. This Mathematical Statistician and Engineering Applications article presents a research that is both extensive and comprehensive on the topic of privacy and security in IoT.
... An IoT Botnet is also a network of various malware-infected IoT devices, such as routers, wearables, and embedded technologies. This malware allows an attacker to control all the connected devices and eventually the network [181,182]. • Brute Force Password Attack: Brute force password attack or BFA is a search and find a method to gain privileged access where the attacker guesses possible combinations of a targeted password until the correct password is discovered [183]. Based on the length and complexity of the password, both time and the applied combination will be required. ...
Article
Full-text available
The overwhelming acceptance and growing need for Internet of Things (IoT) products in each aspect of everyday living is creating a promising prospect for the involvement of humans, data, and procedures. The vast areas create opportunities from home to industry to make an automated lifecycle. Human life is involved in enormous applications such as intelligent transportation, intelligent healthcare, smart grid, smart city, etc. A thriving surface is created that can affect society, the economy, the environment, politics, and health through diverse security threats. Generally, IoT devices are susceptible to security breaches, and the development of industrial systems could pose devastating security vulnerabilities. To build a reliable security shield, the challenges encountered must be embraced. Therefore, this survey paper is primarily aimed to assist researchers by classifying attacks/vulnerabilities based on objects. The method of attacks and relevant countermeasures are provided for each kind of attack in this work. Case studies of the most important applications of the IoT are highlighted concerning security solutions. The survey of security solutions is not limited to traditional secret key-based cryptographic solutions, moreover physical unclonable functions (PUF)-based solutions and blockchain are illustrated. The pros and cons of each security solution are also discussed here. Furthermore, challenges and recommendations are presented in this work.
... As IoTEDef is network-based, it supports resource-constrained IoT devices without requiring additional computation or networking by these devices. We design IoTEDef to be anomaly-based because anomaly detection is able to detect unknown patterns [10] and is effective for IoT networks that have simple communication patterns [18]. Building on the concept of a cyber kill chain, which is a framework for understanding multi-step attacks [13,20,43], IoTEDef uses several detectors -one for each step, and detects abnormal traffic based on results from these detectors. ...
Chapter
Internet-of-Things (IoT) cyber threats such as jackware [14] and cryptomining [33] show that insecure IoT devices can be exploited by attackers with different goals. As many such attacks are multi-steps, early detection is critical. Early detection enables early attack containment and response, and prevention of malware propagation. However, it is challenging to detect early-phase attacks with both high precision and high recall as attackers typically attempt to evade the detection systems with stealthy or zero-day attacks. To enhance the security of IoT devices, we propose IoTEDef, a deep learning-based system able to identify the infection events and evolve with the identified infections. IoTEDef understands multi-step attacks based on cyber kill chains and maintains detectors for each step. When it detects anomalies related to a later stage of the kill chain, IoTEDef backtracks the log of events and analyzes these events to identify infection events. Then, IoTEDef updates its infection detector with the identified events. IoTEDef can be used for threat hunting as well as the generation of indicators of compromise and attacks. To show its feasibility, we implement a prototype of the system and evaluate it against the Mirai botnet campaign [2] and the multi-step attack that exploits the Log4j vulnerability [36] to infect the IoT devices. Our results show that the F1-score of our evolved infection detector in IoTEDef, instantiated with long short-term memory (LSTM) and the attention mechanism, increases from 0.31 to 0.87. We also show that existing attention-based NIDSes can benefit from our approach.
Keywords: Internet of things, Multi-step attacks, Infection identification, Threat hunting, Attention mechanism
... Hence, we apply an allowlist-based prevention mechanism to prevent sensor-based threats on smartphones. An anomaly detection technique for smartphone sensors is straightforward because the simple validation service is sufficient for developing an effective defense mechanism [58]. ...
Article
Full-text available
Sensors play a vital role in the smartphone for sensing-enabled mobile activities and applications. Different sources, like mobile applications and websites, access the sensors and use them for various purposes. The user needs permission to access the permission-imposed sensors. Using the generic sensor application programming interface, the user can access the no-permission-imposed sensors directly without any permission. Attackers target these sensors and make the smartphones vulnerable at the application, device and network levels. The attackers access the sensor’s information and use it for different purposes like personal identification number identification and user personal information theft. This paper presents STMAD, a novel allowlist-based intrusion prevention system to mitigate sensor-based threats on smartphones by detecting malicious access of an attacker through different channels. STMAD functions as a lightweight preventive mechanism for all sensors on the smartphone and preventing attackers from accessing sensors maliciously. The experimental results show that the proposed defense mechanism is more efficient and consumes minimal overhead. An informal security analysis also proved that the STMAD protects against various attacks.
... Heimdall is an intrusion detection solution based on the principle of whitelisting aimed at the IoT devices [22]. It can operate on gateway routers and offer protection to all the devices behind the gateway router. ...
Article
Full-text available
DDoS (Distributed Denial of Service) attacks have drastically affected the functioning of Internet-based services in recent years. Following the release of the Mirai botnet source code on GitHub, the scope of these exploitations has grown. The attackers have been able to construct and launch variations of the Mirai botnet thanks to the open-sourcing of the Mirai code. These variants make the signature-based detection of these attacks challenging. Moreover, DDoS attacks are typically detected and mitigated reactively, making DDoS mitigation solutions very expensive. This paper presents a proactive IoT botnet detection system that detects the anomalies in the behavior of the IoT device and mitigates the DDoS botnet exploitation at the source end, which makes our proposal a low-cost solution. Further, this paper uses a collaborative trust relationship-based threat intelligence-sharing mechanism to prevent other IoT devices from being compromised by the detected botnet. The researchers have evaluated the collaborative threat intelligence sharing mechanism using Ethereum Virtual Machine and Hyperledger. Performance of our proposed system can detect 97% of the Mirai botnet attack activities. Furthermore, our collaborative threat intelligence sharing mechanism based on the Ethereum Virtual Machine showed more scalability.
... Gupta et al. [28] propose a firewall based on simple iptables rules to protect the devices from potential attacks. Heimdall [29] focuses on protecting devices against hacks from the Internet using a pre-learned allow-list. Lastdrager et al. [30] describe SPIN, a software tool for visualizing and blocking traffic from IoT devices. ...
Article
Full-text available
Despite the prevalence of Internet of Things (IoT) devices, there is little information about the purpose and risks of the Internet traffic these devices generate, and consumers have limited options for controlling those risks. A key open question is whether one can mitigate these risks by automatically blocking some of the Internet connections from IoT devices, without rendering the devices inoperable. In this paper, we address this question by developing a rigorous methodology that relies on automated IoT-device experimentation to reveal which network connections (and the information they expose) are essential, and which are not. We further develop strategies to automatically classify network traffic destinations as either required (i.e., their traffic is essential for devices to work properly) or not, hence allowing firewall rules to block traffic sent to non-required destinations without breaking the functionality of the device. We find that indeed 16 among the 31 devices we tested have at least one blockable non-required destination, with the maximum number of blockable destinations for a device being 11. We further analyze the destination of network traffic and find that all third parties observed in our experiments are blockable, while first and support parties are neither uniformly required or non-required. Finally, we demonstrate the limitations of existing blocklists on IoT traffic, propose a set of guidelines for automatically limiting non-essential IoT traffic, and we develop a prototype system that implements these guidelines.
... Gupta et al. [28] propose a firewall based on a Raspberry Pi with simple iptables rules to protect the devices from potential attacks. Heimdall [29] focuses on protecting devices against hacks from the Internet using a pre-learned allow-list. Lastdrager et al. [30] describe SPIN, a software tool for visualizing and blocking traffic from IoT devices. ...
Preprint
Despite the prevalence of Internet of Things (IoT) devices, there is little information about the purpose and risks of the Internet traffic these devices generate, and consumers have limited options for controlling those risks. A key open question is whether one can mitigate these risks by automatically blocking some of the Internet connections from IoT devices, without rendering the devices inoperable. In this paper, we address this question by developing a rigorous methodology that relies on automated IoT-device experimentation to reveal which network connections (and the information they expose) are essential, and which are not. We further develop strategies to automatically classify network traffic destinations as either required (i.e., their traffic is essential for devices to work properly) or not, hence allowing firewall rules to block traffic sent to non-required destinations without breaking the functionality of the device. We find that indeed 16 among the 31 devices we tested have at least one blockable non-required destination, with the maximum number of blockable destinations for a device being 11. We further analyze the destination of network traffic and find that all third parties observed in our experiments are blockable, while first and support parties are neither uniformly required or non-required. Finally, we demonstrate the limitations of existing blocklists on IoT traffic, propose a set of guidelines for automatically limiting non-essential IoT traffic, and we develop a prototype system that implements these guidelines.
... To this end, malicious code that targets IoT devices is on the rise that infects the device itself and receives code updates from dropzones around the world. Acting as intermediate nodes, these infected devices have the potential to launch attacks on other targets to form a massive distributed denial-of-service (DDoS) attack [38,41,46,48]. Moreover, the majority of these IoT devices are at a high risk to the new threats due to the lack of security awareness among consumers and the lack of consensus on security standards among the IoT industry [49,58]. ...
Preprint
The lack of security measures among the Internet of Things (IoT) devices and their persistent online connection gives adversaries a prime opportunity to target them or even abuse them as intermediary targets in larger attacks such as distributed denial-of-service (DDoS) campaigns. In this paper, we analyze IoT malware and focus on the endpoints reachable on the public Internet, that play an essential part in the IoT malware ecosystem. Namely, we analyze endpoints acting as dropzones and their targets to gain insights into the underlying dynamics in this ecosystem, such as the affinity between the dropzones and their target IP addresses, and the different patterns among endpoints. Towards this goal, we reverse-engineer 2,423 IoT malware samples and extract strings from them to obtain IP addresses. We further gather information about these endpoints from public Internet-wide scanners, such as Shodan and Censys. For the masked IP addresses, we examine the Classless Inter-Domain Routing (CIDR) networks accumulating to more than 100 million (78.2% of total active public IPv4 addresses) endpoints. Our investigation from four different perspectives provides profound insights into the role of endpoints in IoT malware attacks, which deepens our understanding of IoT malware ecosystems and can assist future defenses.
... They cited that Naive Bayes is an adequate algorithm for detecting anomalies in their experiments. J. Habibi et al. [14] proposed a whitelist-based intrusion detection technique that acts as a gateway for IoT devices. They suggested a decentralized approach for earlier detection of attacks. ...
Conference Paper
A Distributed Denial of Service Attack (DDoS) is a lethal threat to web based services and applications. These attacks can cripple down these services in no time and deny legitimate users from using these services. The problem has been further prevailed with the massive usage of unsecured IoT devices across the Internet. In this paper, we have proposed a machine learning based approach to detect DDoS attacks in IoT domain. As part of the work, many machine learning based algorithms such as Naïve Bayes, J48, Random Forest and ZeroR machine learning (ML) classifiers are evaluated. Principal Component Analysis (PCA) method has been used to select optimal number of features. A novel Bot-IoT dataset has been used for the performance evaluation of various ML algorithms in WEKA tool.
... The IoT devices are engaged with embedded sensors [1,2] which are used to collect data or information [3]. In addition, the IoT has the capability to deliver multi solutions that radically enhance energy efficiency [4], health, security, education and other several aspects of daily routine. ...
Article
Internet of Things (IoT) has become more familiar in all applications and industrial fields such as medical, military, transportation, etc. It has some limitations because of the attack model in the transmission or communication channel. Moreover, one of the deadliest attacks is known as a Distributed Denial of Service Attack (DDoS). The Presence of DDoS in network layer cause huge damage in data transmission channel that ends in data loss or collapse. To address this issue the current research focused on an innovative detection and mitigation of Mirai and DDoS attack in IoT environment. Initially, number of IoT devices is arranged with the help of a novel Hybrid Strawberry and African Buffalo Optimization (HSBABO). Consequently, the types of DDoS attacks are launched in the developed IoT network. Moreover, the presence of strawberry and African Buffalo fitness is utilized to detect and specify the attack types. Subsequently a novel MCELIECE encryption with Cloud Shield scheme is developed to prevent the low and high rate DDoS attack in the Internet of Things. Finally, the proposed model attained 94% of attack detection accuracy, 3% of false negative rate and 5.5% of false positive rate.
... It is not tested in the actual botnet; however, the IDS is based on the third-party device maintenance. 10 In Ref. 3, a network-based method is proposed for IoT botnet detection. The work mainly focussed on legitimate behaviors of IoT devices and the authors used deep autoencoders to detect IoT botnets for malicious network traffic. ...
Article
Nowadays, the Internet of Things (IoT) is a common word for the people because of its increasing number of users. Statistical results show that the users of IoT devices are dramatically increasing, and in the future, it will be to an ever-increasing extent. Because of the increasing number of users, security experts are now concerned about its security. In this research, we would like to improve the security system of IoT devices, particularly in IoT botnet, by applying various machine learning (ML) techniques. In this paper, we have set up an approach to detect botnet of IoT devices using three one-class classifier ML algorithms. The algorithms are: one-class support vector machine (OCSVM), elliptic envelope (EE), and local outlier factor (LOF). Our method is a network flow-based botnet detection technique, and we use the input packet, protocol, source port, destination port, and time as features of our algorithms. After a number of preprocessing steps, we feed the preprocessed data to our algorithms that can achieve a good precision score that is approximately 77–99%. The one-class SVM achieves the best accuracy score, approximately 99% in every dataset, and EE’s accuracy score varies from 91% to 98%; however, the LOF factor achieves lowest accuracy score that is from 77% to 99%. Our algorithms are cost-effective and provide good accuracy in short execution time.
Article
The properties of short time-to-market, heterogeneity, constrained resources, and unfriendly interfaces for IoT endpoint devices render system-based security mechanisms in traditional desktops, such as antivirus, inapplicable. Moreover, popular network-based security solutions, such as IDS, might not completely detect and mitigate the rising fileless IoT attacks. This article leverages recent innovation, firmware emulation, to enable a digital twin (DT) of a targeted actual IoT endpoint device and to realize an intelligent IoT endpoint detection and response (EDR) platform. Inbound traffic to the actual IoT end-point device is mirrored to the DT in the platform, and the system-level monitoring module integrated into the softwarized DT provides deep IoT endpoint detection in ways that are not possible on physical IoT endpoint devices. Machine learning algorithms are proposed to identify malicious behavior from system calls and network packets collected from system-level and network-level monitors, and suspicious packets containing harmful commands are further determined. The EDR consequently updates the IDS rules so that traffic to the actual IoT endpoint device with the same malicious patterns is recognized and blocked, thereby achieving endpoint response. In the experiment, we enable emulation of IoT endpoint devices with ARM, MIPS, and X86 architectures and realize Mirai malware and remote code execution (RCE) attacks to validate the proposed EDR platform. With a 99.94% accuracy rate in attack determination, we believe that the proposed solution is feasible for the protection of IoT endpoint devices behind the edge. Such outcomes identify secure functionalities that DT using firmware emulation could offer in the IoT paradigm, thereby opening the door to innovative mechanisms to combat IoT attacks.
Article
The fast development of artificial intelligence and Internet of Things (IoT) technologies has enabled various applications of smart cities, e.g., smart monitoring and surveillance. However, vulnerabilities of IoT devices bring new threats to the security of smart cities. To identify ubiquitous IoT botnet attacks, a distributed and collaborative lightweight edge federated learning model for IoT zombie devices detection is proposed, named FIOT. To reduce computational complexity and enhance the adaptability to new attack environment at the network edge, FIOT is designed in a lightweight manner based on feature dimensionality reduction and transfer learning. Three IoT botnet datasets are used to validate the effectiveness of the proposed FIOT. Experimental results show that FIOT has an accuracy loss of less than 3% in terms of F1 value compared to the centralized learning, but the training time of FIOT is only 14.3% of that of centralized learning. While ensuring high detection accuracy, the number of parameters of FIOT is compressed to 37.58% of the comparison method.
Article
With the development of the Internet of Things (IoT), the number of terminal devices is rapidly growing and at the same time, their security is facing serious challenges. For the industrial control system, there are challenges in detecting and preventing botnet. Traditional detection methods focus on capturing and reverse analyzing the botnet programs first and then parsing the extracted features from the malicious code or attacks. However, their accuracy is very low and their latency is relatively high. Moreover, they sometimes even cannot recognize the unknown botnets. The machine learning based detection methods rely on manual feature engineering and have a weak generalization. The deep learning‐based methods mostly rely on the system log, which does not take into account the multisource information such as traffic. To address the above issues, from the perspective of the botnet features, this paper proposes an intelligent detection method over parallel CNN‐LSTM, integrating the spatial and temporal features to identify botnets. Experiments demonstrate that the accuracy, recall, and F1‐score of our proposed method achieve up to over 98%, and the precision, 97.8%, is not the highest but reasonable. It reveals compared with the existing state‐of‐the‐art methods, our proposed method outperforms in the botnet detection. Our methodology's strength lies in its ability to harness the multifaceted information present in IoT traffic, offering a more nuanced and comprehensive analysis. The parallel CNN‐LSTM architecture ensures that spatial and temporal data are processed concurrently, preserving the integrity of the information and enabling a more robust detection mechanism. The result is a detection system that not only performs exceptionally well in a controlled environment but also holds promise for real‐world application, where the rapid and accurate identification of botnets is paramount.
Chapter
This chapter conducts a comprehensive empirical review of internet of things (IoT) botnet detection to identify gaps in the literature. An empirical analysis of literature work related to IoT botnet detection is conducted. A state-of-the-art review of works done on IoT botnet detection is synthesized. This review is based on classifying the subcategories of IoT botnet detection, including honeypot and intrusion detection techniques, specifically host and network-based IDSs. This is further broken down into anomaly, signature, and hybrid-based approaches. Anomaly-based detections include machine learning techniques and deep learning techniques. Other detection methods include distributed techniques (software defined networking [SDN] and blockchain), graph theory approach, and domain name service (DNS) techniques. Finally, the chapter recommends future research directions in IoT security and the application of deep learning techniques.
Article
Publicly available datasets are an indispensable tool for researchers, as they allow testing new algorithms on a wide range of different scenarios and making scientific experiments verifiable and reproducible. Research in IoT security is no exception. In particular, the design of traffic classification and intrusion detection solutions for network security relies on network traces obtained from real networks or realistic testbeds. In this paper, we provide a detailed survey on the existing datasets containing IoT network traffic. We classify them according to several features that help researchers quickly find the datasets that fit their specific needs. In total, we survey 74 datasets that we found by analyzing more than 100 scientific articles. We also discuss the weaknesses of existing datasets, identify challenges, and point to future directions for creating new IoT datasets.
Article
In smartphones, sensors are fundamental components to sensing-enabled mobile activities and applications. Mobile applications and websites access the sensors and use them in a variety of ways. Permission is required to access permission-imposed sensors, while users can access no-permission imposed sensors directly without any permission by using the generic sensor application programming interface (API). An attacker targets these sensors and makes smartphones vulnerable at the application and network level. Attackers gain access to sensor information and use it for various purposes like identifying personal identification numbers (PINs) and stealing personal information. This paper presents BPLMSBT, a novel Blockchain-based permission list for mitigating smartphone sensor-based threats by allowing benign users to access sensors through various channels. The permission list contains benign sources with sensor access permissions, while the blacklist contains malicious sources that access the sensors. Blockchain avoids the risks of centralized lists and maintains the list’s integrity through the immutability feature. Experimental results indicate that the proposed defence mechanism consumes less overhead and is more efficient. An informal security analysis proved that the BPLMSBT is capable of protecting against various attacks.
Chapter
With the rise of smart gadgets and technology, anomalous traffic monitoring on the Internet has become a significant security challenge. Several assaults are causing havoc on the systems, lowering computing performance. Intrusion detection systems are one of the approaches that assist in determining the security of a system by raising an alert when an intrusion is detected. The EIDIMA framework is provided in this study as a distributed modular approach for detecting IoT malware network traffic during the monitoring phase instead of the attack phase. EIDIMA uses machine learning techniques, input vector databank, a decision-making module, and a subsample module for traffic categorization at edge devices. EIDIMA’s classification performance is assessed using the F1-Score, accuracy, recall, and precision. This model is validated using the NSL-KDD and UNSW_IoT_Botnet benchmark datasets. The UNSW_IoT_Botnet dataset has an F1-score of 98.73% and an accuracy of 99.28%. On the NSL-KDD dataset, the F1-score and accuracy were both 99.50%.
Article
In this work, we present an IoT botnet detection solution, EDIMA, consisting of a set of lightweight modules designed to be deployed at the edge gateway installed in home networks with the remaining modules expected to be implemented on cloud servers. EDIMA targets early detection of IoT botnets prior to the launch of an attack and includes a novel two-stage Machine Learning (ML)-based detector developed specifically for IoT bot detection at the edge gateway. The ML-based bot detector first employs supervised ML algorithms for aggregate traffic classification and subsequently Autocorrelation Function (ACF)-based tests to detect individual bots. The EDIMA architecture also comprises a malware traffic database, a policy engine, a feature extractor and a traffic parser. Performance evaluation results using our testbed setup with real-world IoT malware traffic as well as other public IoT datasets show that EDIMA achieves high bot scanning and bot-CnC traffic detection accuracies with very low false positive rates. The detection performance is also shown to be robust to an increase in the number of IoT devices connected to the edge gateway where EDIMA is deployed. Further, the runtime performance analysis of a Python implementation of EDIMA deployed on a Raspberry Pi reveals low bot detection delays and low RAM consumption. EDIMA is also shown to outperform existing detection techniques for bot scanning traffic and bot-CnC server communication.
Chapter
A distributed denial-of-service attack (DDoS) is a critical attack-type that strongly damages the Quality of Service (QoE). Although various novel security technologies have been continually developing, completely preventing DDoS threats is still unreached. Hence, applying deep learning to detect DDoS attacks effectively is high interest. However, comprehensively analyzing these techniques remains unobservant. In this paper, we present a solid architecture supporting evaluating machine-learning-based DDoS detection techniques from both public and self-generated datasets. A high-accuracy ensemble DDoS detection method is proposed from the evaluation results. Furthermore, we expect that these results could be essential resources for later DDoS researches. Furthermore, the study also provides an overview of the features, labels from which there is a basis for creating a complete dataset used for DDoS attack detection methods. Keywords: Evaluation framework; Intrusion Detection System (IDS); Machine learning; DDoS Detection
Article
The lack of security measures among the Internet of Things (IoT) devices and their persistent online connection gives adversaries a prime opportunity to target them or even abuse them as intermediary targets in larger attacks such as distributed denial-of-service (DDoS) campaigns. In this paper, we analyze IoT malware and focus on the endpoints reachable on the public Internet, that play an essential part in the IoT malware ecosystem. Namely, we analyze endpoints acting as dropzones and their targets to gain insights into the underlying dynamics in this ecosystem, such as the affinity between the dropzones and their target IP addresses, and the different patterns among endpoints. Towards this goal, we reverse-engineer 2,423 IoT malware samples and extract strings from them to obtain IP addresses. We further gather information about these endpoints from public Internet-wide scanners, such as Shodan and Censys. Our results, through analysis and visualization expose clear patterns of affinity between sources and targets of attacks, attack exposure by Internet infrastructure, and clear depiction of the ecosystem of IoT malware as a whole, only utilizing static artifacts. Our investigation from four different perspectives provides profound insights into the role of endpoints in IoT malware attacks, which deepens our understanding of IoT malware ecosystems and can assist future defenses.
Chapter
The huge number of deployed Internet of Things (IoT) devices combined with the evolution of multiple technologies like machine learning, embedded systems, and cloud- and edge-based services has resulted in complex dynamic IoT networks. IoT networks are however increasingly a target for attacks and breaches. Recent progresses in artificial intelligence can result in effective security solutions. In order to design such AI-based solutions, an analysis of the structure and kill chain of IoT attacks is required. However, the IoT network attack surface is complex and heterogeneous because of devices that are different with respect to functions, protocols, architectures, and manufacturers and operate with deeply intertwined physical and software components. As a result, the structure of an attack in IoT networks is different from attacks in traditional network settings, and therefore conventional kill chains cannot be directly used to classify attacks. In this chapter, we survey different types of IoT attacks and malware observed in recent times. We then propose a new classification structured specifically for IoT attacks and malware with respect to which AI-based effective security solutions can be designed.
Article
The rapid escalation in the usage of the Internet of Things (IoT) devices is threatened by botnets. The expected increase in botnet attacks has seen numerous botnet detection/mitigation proposals from academia and industry. This paper conducts a systematic mapping study of the literature so as to distinguish, sort, and synthesize research in this domain. The investigation is guided by various research questions that are relevant to the botnet studies. In this research, a total of 3,645 studies were gotten from our preliminary pursuit outcomes. Seventy four (74) studies were recognized based on importance, of which 52 were at last picked dependent on our characterized Incorporation and Elimination criteria. A classification for the mapping study with the following components: key contribution, research aspect, validation methods, network forensic methods, datasets and evaluation metric was proposed. Likewise, in this study, we identified eleven (11) key contributions which include evaluation, approach, model, system, software architecture, method, technique, framework, mechanism, algorithm and dataset. The findings of this systematic mapping investigation demonstrate that exploration of IoT-based botnet attacks is picking up more consideration in the past three years with steady distribution yield. Finally, this investigation can be a beginning point in examining researches on botnet assaults in IoT devices and finding better ways to detect and mitigate such assaults.
Conference Paper
IoT devices are the target of choice for attackers, and one of the most devastating threats involving compromised IoT devices has been their exploitation as part of botnets. Here, we propose c-Shield, as a distributed and extensible solution designed to detect and respond to IoT-based bots in an enterprise network. c-Shield passively inspects network traffic associated with IoT devices over a range of different protocols and systematically analyses the URLs extracted. Compared with the existing solutions, c-Shield is designed to be capable of detecting bots using advanced evasion techniques such as Domain Name Generation Algorithms (DGA) with a high accuracy rate.
Article
The wide-ranging implementation of the digital Internet of Things (IoT) system in recent years has contributed to the development of smart cities. In real-world time, smart cities are designed to encourage simplicity and quality of life in developed areas. A smart city’s network traffic from IoT networks is increasingly growing and posing new cybersecurity problems, because these IoT devices are linked to sensors that are directly connected to large cloud servers. The researchers need to refine new methods for identifying compromised IoT machines to prevent such cyberattacks. In the smart networks, traditional protection strategies are cumbersome to implement because of complexity in communication systems, vendor regulations, requirements, technology and location-specific resources. To address these difficulties, we used a Probabilistic Timed Automaton (PTA) to model the operating actions of smart devices and introduced novel Time Dependent Anomaly Detection Systems (TDADS) utilizing the operational behaviour of smart home environment. Simulations to test our concept are performed in real time. It is clear from the simulation findings that our TDADS achieves effective usage of resources and robust packet transport.
Conference Paper
Botnets, i.e., networks of compromised machines under a common control infrastructure, are commonly controlled by an attacker with the help of a central server: all compromised machines connect to the central server and wait for commands. However, the first botnets that use peer-to-peer (P2P) networks for remote control of the compromised machines appeared in the wild recently. In this paper, we introduce a methodology to analyze and mitigate P2P botnets. In a case study, we examine in detail the Storm Worm botnet, the most wide-spread P2P botnet currently propagating in the wild. We were able to infiltrate and analyze in-depth the botnet, which allows us to estimate the total number of compromised machines. Furthermore, we present two different ways to disrupt the communication channel between controller and compromised machines in order to mitigate the botnet and evaluate the effectiveness of these mechanisms.
Article
To resolve the anomaly detection problem in the distributed environment of the Internet of Things (IoT), an artificial immunity-based anomaly detection model for the IoT is proposed in this paper. The proposed model adopts artificial immune mechanisms to recognize anomaly behavior of IoT security threats. It consists of Anomaly detection agents (ADA) and Central Service System (CSS). ADA is deployed by the IoT gateway. It collects the initial data of the sense layer of the IoT. It works independently and produces excellent detection elements. It shares its excellent detection elements with the other ones and uploads them to the CSS. Theory analysis shows that the proposed model is able to adapt the local network environment of IoT and improve the anomaly detection ability in the global IoT environment.
Conference Paper
Communication networks are rapidly evolving with connectivity reaching far beyond cell-phones, computers and tablets. Novel applications are emerging based on the widespread presence of network-enabled sensors and actuators. Machine-to-Machine (M2M) devices such as power meters, medical sensors and asset tracking appliances provide a new dimension to telecommunication services. The majority of these novel systems require low bandwidth and base their communications and control protocols on the Short Messaging Service (SMS). SMS-based attacks pose a serious threat to M2M devices and the servers/users communicating with them. Researchers have demonstrated how to remotely control embedded devices and leverage them for malicious message floods. These attacks can potentially be masked by the massive amounts of legitimate text messages traveling the airwaves daily and providing data connectivity to these connected M2M appliances. In this paper we propose two algorithms for detecting anomalous SMS activities and attacks on aggregate, cluster and individual device levels. Once these algorithms detect an anomaly they automatically determine the cause of the anomaly. Effectiveness of the algorithms has been demonstrated on real life SMS communication traffic of M2M devices connected to the network of one of the main tier-1 providers in the US.
Article
Researchers have discovered important security flaws in modern automobile systems. Will car thieves learn to pick locks with their laptops?
Article
A “botnet” consists of a network of compromised computers controlled by an attacker (“botmaster”). Recently, botnets have become the root cause of many Internet attacks. To be well prepared for future attacks, it is not enough to study how to detect and defend against the botnets that have appeared in the past. More importantly, we should study advanced botnet designs that could be developed by botmasters in the near future. In this paper, we present the design of an advanced hybrid peer-to-peer botnet. Compared with current botnets, the proposed botnet is harder to be shut down, monitored, and hijacked. It provides robust network connectivity, individualized encryption and control traffic dispersion, limited botnet exposure by each bot, and easy monitoring and recovery by its botmaster. In the end, we suggest and analyze several possible defenses against this advanced botnet.