
Miraka: Detection of Botnet Attacks Based on DNS Traffic in the Internet of Things
Electronic and Cyber Defense (پدافند الکترونیکی و سایبری)
Article 1, Volume 12, Issue 3 - Serial Number 47, Aban 1403, Pages 1-13
Article type: Research article
Authors
Mohammad Taghi Behnam 1; Reza Jalaei* 2
1 Master's degree, Imam Hossein Comprehensive University, Tehran, Iran
2 Assistant Professor, Imam Hossein Comprehensive University, Tehran, Iran
Received: 31 Ordibehesht 1403; Revised: 22 Shahrivar 1403; Accepted: 16 Mehr 1403
Abstract
The number of Internet of Things (IoT) devices is growing rapidly, and the variety of their types and applications has made managing them complex and turned them into a platform for the growth and spread of botnets. In recent years, large-scale attacks have been carried out through IoT devices. The Mirai botnet is among the most prominent of these, to the extent that it has become the template for IoT botnets. Because the DNS attack vector is among the most popular and most visible attack vectors, this paper examines Domain Name System (DNS) attacks in IoT networks and proposes a method for detecting DNS-based botnets. The proposed method, Miraka, detects malicious domain name services by calculating the time difference between the request and the response in DNS traffic and comparing it with a computed threshold value. Miraka differs from previously presented methods in its examination of domain name service features and its lexical analysis of the domain name. Miraka was evaluated using confusion matrix metrics. The evaluation results showed that the proposed Miraka method detects IoT-based bots with a detection rate of 0.995 and a precision of 0.977.
Keywords
Internet of Things; Botnet detection; DNS attacks; Mirai botnet
Subjects
Cyberspace vulnerabilities and threats
Article title [English]
Detection of DNS based botnets using traffic analysis in IoT
Authors [English]
Mohammad Taghi Behnam 1; Reza Jalaei 2
1 Master's degree, Imam Hossein (AS) University, Tehran, Iran
2 Assistant Professor, Imam Hossein (AS) University, Tehran, Iran
Abstract [English]
The use of IoT-based equipment built on different technologies is increasing day by day. At the same time, because of lightweight protocols, the variety of applications, wide geographic distribution, and management by non-specialists, this equipment is often not securely configured or properly updated. Such equipment is therefore an easy target for attackers, and building bot networks for destructive activities is easier than ever. Given these weaknesses and shortcomings in IoT equipment, detecting bot networks remains a serious challenge. In this work, after surveying related work, different attack vectors in IoT networks were studied. Then the DNS attack vectors that may be leveraged by bots were identified. Finally, Miraka, a method for detecting DNS attacks in the IP layer of IoT networks, was proposed. For practical purposes, Mirai, a notorious IP-based bot common to IoT as well as TCP/IP networks, was studied, and different results were obtained using comprehensive traffic generation patterns and scenarios. The advantage of the proposed method lies in faster detection of contaminated traffic due to lexical domain name analysis, and less reliance on domain name attributes. Empirical results show a success rate of 99.5% and precision of 99.7% in Mirai-based bot detection in IP-based IoT networks, which is superior to other competing methods.
Keywords [English]
Botnet, Internet of Things, DNS Attacks, Mirai