A Threat Modelling Approach to Analyze and Mitigate Botnet Attacks in
Smart Home Use Case
- URL: http://arxiv.org/abs/2101.02147v1
- Date: Wed, 6 Jan 2021 17:28:12 GMT
- Title: A Threat Modelling Approach to Analyze and Mitigate Botnet Attacks in
Smart Home Use Case
- Authors: Syed Ghazanfar Abbas, Shahzaib Zahid, Faisal Hussain, Ghalib A. Shah,
Muhammad Husnain
- Abstract summary: We propose a threat modelling approach to analyze and mitigate the botnet attacks in an IoT smart home use case.
The proposed methodology identifies the development-level and application-level threats in a smart home use case.
We reticulate the identified threats with botnet attacks.
- Score: 0.5669790037378093
- License: http://creativecommons.org/licenses/by/4.0/
- Abstract: Despite the surging development and utilization of IoT devices, the security
of IoT devices is still in its infancy. The security pitfalls of IoT devices have
made it easy for hackers to take over IoT devices and use them for malicious
activities like botnet attacks. With the rampant emergence of IoT devices,
botnet attacks are surging. The botnet attacks are not only catastrophic for
IoT device users but also for the rest of the world. Therefore, there is a
crucial need to identify and mitigate the possible threats in IoT devices
during the design phase. Threat modelling is a technique that is used to
identify the threats in the earlier stages of the system design activity. In
this paper, we propose a threat modelling approach to analyze and mitigate the
botnet attacks in an IoT smart home use case. The proposed methodology
identifies the development-level and application-level threats in a smart home
use case using STRIDE and VAST threat modelling methods. Moreover, we
reticulate the identified threats with botnet attacks. Finally, we propose the
mitigation techniques for all identified threats including the botnet threats.
Related papers
- Classification of cyber attacks on IoT and ubiquitous computing devices [49.1574468325115]
This paper provides a classification of IoT malware.
Major targets and used exploits for attacks are identified and referred to the specific malware.
The majority of current IoT attacks continue to be of comparably low effort and level of sophistication and could be mitigated by existing technical measures.
arXiv Detail & Related papers (2023-12-01T16:10:43Z)
- HoneyIoT: Adaptive High-Interaction Honeypot for IoT Devices Through Reinforcement Learning [10.186372780116631]
We develop an adaptive high-interaction honeypot for IoT devices, called HoneyIoT.
We first build a real-device-based attack trace collection system to learn how attackers interact with IoT devices.
We then model the attack behavior through a Markov decision process and leverage reinforcement learning techniques to learn the best responses to engage attackers.
arXiv Detail & Related papers (2023-05-10T19:43:20Z)
- AIIPot: Adaptive Intelligent-Interaction Honeypot for IoT Devices [3.571367745766466]
A honeypot is a popular deception technique that mimics interaction in a realistic fashion.
We propose a honeypot for IoT devices that uses machine learning techniques to learn and interact with attackers automatically.
arXiv Detail & Related papers (2023-03-22T08:06:41Z)
- IoT Device Identification Based on Network Communication Analysis Using Deep Learning [43.0717346071013]
The risk of attacks on an organization's network has increased due to the growing use of less secure IoT devices.
To tackle this threat and protect their networks, organizations generally implement security policies in which only whitelisted IoT devices are allowed on the network.
In this research, deep learning is applied to network communication for the automated identification of IoT devices permitted on the network.
arXiv Detail & Related papers (2023-03-02T13:44:58Z)
- IoT Botnet Detection Using an Economic Deep Learning Model [0.0]
This paper proposes an economic deep learning-based model for detecting IoT botnet attacks along with different types of attacks.
The proposed model achieved higher accuracy than the state-of-the-art detection models using a smaller implementation budget and accelerating the training and detecting processes.
arXiv Detail & Related papers (2023-02-03T21:41:17Z)
- Looking Beyond IoCs: Automatically Extracting Attack Patterns from External CTI [3.871148938060281]
LADDER is a framework that can extract text-based attack patterns from cyberthreat intelligence reports at scale.
We present several use cases to demonstrate the application of LADDER in real-world scenarios.
arXiv Detail & Related papers (2022-11-01T12:16:30Z)
- CAN-LOC: Spoofing Detection and Physical Intrusion Localization on an In-Vehicle CAN Bus Based on Deep Features of Voltage Signals [48.813942331065206]
We propose a security hardening system for in-vehicle networks.
The proposed system includes two mechanisms that process deep features extracted from voltage signals measured on the CAN bus.
arXiv Detail & Related papers (2021-06-15T06:12:33Z)
- TANTRA: Timing-Based Adversarial Network Traffic Reshaping Attack [46.79557381882643]
We present TANTRA, a novel end-to-end Timing-based Adversarial Network Traffic Reshaping Attack.
Our evasion attack utilizes a long short-term memory (LSTM) deep neural network (DNN) which is trained to learn the time differences between the target network's benign packets.
TANTRA achieves an average success rate of 99.99% in network intrusion detection system evasion.
arXiv Detail & Related papers (2021-03-10T19:03:38Z)
- Smart Home, security concerns of IoT [91.3755431537592]
The IoT (Internet of Things) has become widely popular in domestic environments.
People are renewing their homes into smart homes; however, the privacy concerns of owning many Internet-connected devices with always-on environmental sensors remain insufficiently addressed.
Default and weak passwords, cheap materials and hardware, and unencrypted communication are identified as the principal threats and vulnerabilities of IoT devices.
arXiv Detail & Related papers (2020-07-06T10:36:11Z)
- IoT Device Identification Using Deep Learning [43.0717346071013]
The growing use of IoT devices in organizations has increased the number of attack vectors available to attackers.
The widely adopted bring your own device (BYOD) policy, which allows an employee to bring any IoT device into the workplace and attach it to an organization's network, also increases the risk of attacks.
In this study, we applied deep learning to network traffic to automatically identify IoT devices connected to the network.
arXiv Detail & Related papers (2020-02-25T12:24:49Z)
This list is automatically generated from the titles and abstracts of the papers on this site.