Modeling, Analysis, and Mitigation of Dynamic Botnet Formation in Wireless IoT Networks

Muhammad Junaid Farooq; Quanyan Zhu

doi:10.1109/TIFS.2019.2898817

Modeling, Analysis, and Mitigation of Dynamic Botnet Formation in Wireless IoT Networks

Muhammad Junaid Farooq, Quanyan Zhu

Electrical and Computer Engineering

Research output: Contribution to journal › Article › peer-review

Abstract

The Internet of Things (IoT) relies heavily on wireless communication devices that are able to discover and interact with other wireless devices in their vicinity. The communication flexibility coupled with software vulnerabilities in devices, due to low cost and short time-to-market, exposes them to a high risk of malware infiltration. Malware may infect a large number of network devices using device-to-device (D2D) communication resulting in the formation of a botnet, i.e., a network of infected devices controlled by a common malware. A botmaster may exploit it to launch a network-wide attack sabotaging infrastructure and facilities, or for malicious purposes such as collecting ransom. In this paper, we propose an analytical model to study the D2D propagation of malware in wireless IoT networks. Leveraging tools from dynamic population processes and point process theory, we capture malware infiltration and coordination process over a network topology. The analysis of mean-field equilibrium in the population is used to construct and solve an optimization problem for the network defender to prevent botnet formation by patching devices while causing minimum overhead to network operation. The developed analytical model serves as a basis for assisting the planning, design, and defense of such networks from a defender's standpoint.

Original language	English (US)
Article number	8638982
Pages (from-to)	2412-2426
Number of pages	15
Journal	IEEE Transactions on Information Forensics and Security
Volume	14
Issue number	9
DOIs	https://doi.org/10.1109/TIFS.2019.2898817
State	Published - Sep 2019

Keywords

Botnet
Internet of Things
device-to-device communication
distributed denial of service
population processes

ASJC Scopus subject areas

Safety, Risk, Reliability and Quality
Computer Networks and Communications

Access to Document

10.1109/TIFS.2019.2898817

Fingerprint Dive into the research topics of 'Modeling, Analysis, and Mitigation of Dynamic Botnet Formation in Wireless IoT Networks'. Together they form a unique fingerprint.

Cite this

@article{bd8f9df8680a4cd58450c834b9cc6b06,

title = "Modeling, Analysis, and Mitigation of Dynamic Botnet Formation in Wireless IoT Networks",

abstract = "The Internet of Things (IoT) relies heavily on wireless communication devices that are able to discover and interact with other wireless devices in their vicinity. The communication flexibility coupled with software vulnerabilities in devices, due to low cost and short time-to-market, exposes them to a high risk of malware infiltration. Malware may infect a large number of network devices using device-to-device (D2D) communication resulting in the formation of a botnet, i.e., a network of infected devices controlled by a common malware. A botmaster may exploit it to launch a network-wide attack sabotaging infrastructure and facilities, or for malicious purposes such as collecting ransom. In this paper, we propose an analytical model to study the D2D propagation of malware in wireless IoT networks. Leveraging tools from dynamic population processes and point process theory, we capture malware infiltration and coordination process over a network topology. The analysis of mean-field equilibrium in the population is used to construct and solve an optimization problem for the network defender to prevent botnet formation by patching devices while causing minimum overhead to network operation. The developed analytical model serves as a basis for assisting the planning, design, and defense of such networks from a defender's standpoint.",

keywords = "Botnet, Internet of Things, device-to-device communication, distributed denial of service, population processes",

author = "Farooq, {Muhammad Junaid} and Quanyan Zhu",

note = "Funding Information: Manuscript received August 20, 2018; revised December 22, 2018 and January 27, 2019; accepted January 30, 2019. Date of publication February 11, 2019; date of current version June 5, 2019. This work was supported in part by a Department of Homeland Security Grant through the Critical Infrastructure Resilience Institute, in part by the National Science of Foundation under Grant CNS-1544782 and Grant SES-1541164, and in part by the Department of Defense under Grant W911NF1910041. The associate editor coordinating the review of this manuscript and approving it for publication was Prof. Wei Yu. (Corresponding author: Muhammad Junaid Farooq.) The authors are with the Department of Electrical and Computer Engineering, Tandon School of Engineering, New York University, Brooklyn, NY 11201 USA (e-mail: mjf514@nyu.edu; qz494@nyu.edu). Digital Object Identifier 10.1109/TIFS.2019.2898817",

year = "2019",

month = sep,

doi = "10.1109/TIFS.2019.2898817",

language = "English (US)",

volume = "14",

pages = "2412--2426",

journal = "IEEE Transactions on Information Forensics and Security",

issn = "1556-6013",

publisher = "Institute of Electrical and Electronics Engineers Inc.",

number = "9",

}

TY - JOUR

T1 - Modeling, Analysis, and Mitigation of Dynamic Botnet Formation in Wireless IoT Networks

AU - Farooq, Muhammad Junaid

AU - Zhu, Quanyan

N1 - Funding Information: Manuscript received August 20, 2018; revised December 22, 2018 and January 27, 2019; accepted January 30, 2019. Date of publication February 11, 2019; date of current version June 5, 2019. This work was supported in part by a Department of Homeland Security Grant through the Critical Infrastructure Resilience Institute, in part by the National Science of Foundation under Grant CNS-1544782 and Grant SES-1541164, and in part by the Department of Defense under Grant W911NF1910041. The associate editor coordinating the review of this manuscript and approving it for publication was Prof. Wei Yu. (Corresponding author: Muhammad Junaid Farooq.) The authors are with the Department of Electrical and Computer Engineering, Tandon School of Engineering, New York University, Brooklyn, NY 11201 USA (e-mail: mjf514@nyu.edu; qz494@nyu.edu). Digital Object Identifier 10.1109/TIFS.2019.2898817

PY - 2019/9

Y1 - 2019/9

N2 - The Internet of Things (IoT) relies heavily on wireless communication devices that are able to discover and interact with other wireless devices in their vicinity. The communication flexibility coupled with software vulnerabilities in devices, due to low cost and short time-to-market, exposes them to a high risk of malware infiltration. Malware may infect a large number of network devices using device-to-device (D2D) communication resulting in the formation of a botnet, i.e., a network of infected devices controlled by a common malware. A botmaster may exploit it to launch a network-wide attack sabotaging infrastructure and facilities, or for malicious purposes such as collecting ransom. In this paper, we propose an analytical model to study the D2D propagation of malware in wireless IoT networks. Leveraging tools from dynamic population processes and point process theory, we capture malware infiltration and coordination process over a network topology. The analysis of mean-field equilibrium in the population is used to construct and solve an optimization problem for the network defender to prevent botnet formation by patching devices while causing minimum overhead to network operation. The developed analytical model serves as a basis for assisting the planning, design, and defense of such networks from a defender's standpoint.

AB - The Internet of Things (IoT) relies heavily on wireless communication devices that are able to discover and interact with other wireless devices in their vicinity. The communication flexibility coupled with software vulnerabilities in devices, due to low cost and short time-to-market, exposes them to a high risk of malware infiltration. Malware may infect a large number of network devices using device-to-device (D2D) communication resulting in the formation of a botnet, i.e., a network of infected devices controlled by a common malware. A botmaster may exploit it to launch a network-wide attack sabotaging infrastructure and facilities, or for malicious purposes such as collecting ransom. In this paper, we propose an analytical model to study the D2D propagation of malware in wireless IoT networks. Leveraging tools from dynamic population processes and point process theory, we capture malware infiltration and coordination process over a network topology. The analysis of mean-field equilibrium in the population is used to construct and solve an optimization problem for the network defender to prevent botnet formation by patching devices while causing minimum overhead to network operation. The developed analytical model serves as a basis for assisting the planning, design, and defense of such networks from a defender's standpoint.

KW - Botnet

KW - Internet of Things

KW - device-to-device communication

KW - distributed denial of service

KW - population processes

UR - http://www.scopus.com/inward/record.url?scp=85067119672&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=85067119672&partnerID=8YFLogxK

U2 - 10.1109/TIFS.2019.2898817

DO - 10.1109/TIFS.2019.2898817

M3 - Article

AN - SCOPUS:85067119672

VL - 14

SP - 2412

EP - 2426

JO - IEEE Transactions on Information Forensics and Security

JF - IEEE Transactions on Information Forensics and Security

SN - 1556-6013

IS - 9

M1 - 8638982

ER -