TY - JOUR
T1 - Modeling, Analysis, and Mitigation of Dynamic Botnet Formation in Wireless IoT Networks
AU - Farooq, Muhammad Junaid
AU - Zhu, Quanyan
N1 - Funding Information:
Manuscript received August 20, 2018; revised December 22, 2018 and January 27, 2019; accepted January 30, 2019. Date of publication February 11, 2019; date of current version June 5, 2019. This work was supported in part by a Department of Homeland Security Grant through the Critical Infrastructure Resilience Institute, in part by the National Science Foundation under Grant CNS-1544782 and Grant SES-1541164, and in part by the Department of Defense under Grant W911NF1910041. The associate editor coordinating the review of this manuscript and approving it for publication was Prof. Wei Yu. (Corresponding author: Muhammad Junaid Farooq.) The authors are with the Department of Electrical and Computer Engineering, Tandon School of Engineering, New York University, Brooklyn, NY 11201 USA (e-mail: mjf514@nyu.edu; qz494@nyu.edu). Digital Object Identifier 10.1109/TIFS.2019.2898817
Publisher Copyright:
© 2019 IEEE.
PY - 2019/9
Y1 - 2019/9
N2 - The Internet of Things (IoT) relies heavily on wireless communication devices that are able to discover and interact with other wireless devices in their vicinity. The communication flexibility coupled with software vulnerabilities in devices, due to low cost and short time-to-market, exposes them to a high risk of malware infiltration. Malware may infect a large number of network devices using device-to-device (D2D) communication resulting in the formation of a botnet, i.e., a network of infected devices controlled by a common malware. A botmaster may exploit it to launch a network-wide attack sabotaging infrastructure and facilities, or for malicious purposes such as collecting ransom. In this paper, we propose an analytical model to study the D2D propagation of malware in wireless IoT networks. Leveraging tools from dynamic population processes and point process theory, we capture malware infiltration and coordination process over a network topology. The analysis of mean-field equilibrium in the population is used to construct and solve an optimization problem for the network defender to prevent botnet formation by patching devices while causing minimum overhead to network operation. The developed analytical model serves as a basis for assisting the planning, design, and defense of such networks from a defender's standpoint.
KW - Botnet
KW - Internet of Things
KW - device-to-device communication
KW - distributed denial of service
KW - population processes
UR - http://www.scopus.com/inward/record.url?scp=85067119672&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=85067119672&partnerID=8YFLogxK
U2 - 10.1109/TIFS.2019.2898817
DO - 10.1109/TIFS.2019.2898817
M3 - Article
AN - SCOPUS:85067119672
VL - 14
SP - 2412
EP - 2426
JO - IEEE Transactions on Information Forensics and Security
JF - IEEE Transactions on Information Forensics and Security
SN - 1556-6013
IS - 9
M1 - 8638982
ER -