Understanding the Mirai Botnet
Authors
Abstract
The Mirai botnet, composed primarily of embedded and IoT devices, took the Internet by storm in late 2016 when it overwhelmed several high-profile targets with massive distributed denial-of-service (DDoS) attacks. In this paper, we provide a seven-month retrospective analysis of Mirai’s growth to a peak of 600k infections and a history of its DDoS victims. By combining a variety of measurement perspectives, we analyze how the botnet emerged, what classes of devices were affected, and how Mirai variants evolved and competed for vulnerable hosts. Our measurements serve as a lens into the fragile ecosystem of IoT devices. We argue that Mirai may represent a sea change in the evolutionary development of botnets—the simplicity through which devices were infected and its precipitous growth demonstrate that novice malicious techniques can compromise enough low-end devices to threaten even some of the best-defended targets. To address this risk, we recommend technical and nontechnical interventions, as well as propose future research directions.
Similar resources
Performance of Botnet Detection by Neural Networks in Software-Defined Networks
The recent evolution of Internet to new paradigms such as network function virtualization and software defined networking poses new relevant challenges to the detection of Botnet attacks, calling for innovative approaches. In this work we propose a detection mechanism based on an Artificial Neural Net classifier trained by available data sets collected in conventional networks. We apply such de...
Hey, you, keep away from my device: remotely implanting a virus expeller to defeat Mirai on IoT devices
Mirai is a botnet which targets out-of-date Internet-of-Things (IoT) devices. The disruptive Distributed Denial of Service (DDoS) attack last year has hit major Internet companies, causing intermittent service for millions of Internet users. Since the affected devices typically do not support firmware update, it becomes challenging to expel these vulnerable devices in the wild. Both industry and ...
Analyzing the Propagation of IoT Botnets from DNS Leakage
Mirai and Hajime are two large botnets that came to prominence in the Fall of 2016, notably due to Mirai’s launching of several large DDoS attacks. The propagation method of the two botnets is similar, drawing upon poor security measures in IoT devices. While reverse-engineering efforts have detailed the propagation logic, measuring the actual growth of each botnet remains difficult, with curren...
Understanding Linux Malware
For the past two decades, the security community has been fighting malicious programs for Windows-based operating systems. However, the recent surge in adoption of embedded devices and the IoT revolution are rapidly changing the malware landscape. Embedded devices are profoundly different than traditional personal computers. In fact, while personal computers run predominantly on x86-flavored ar...
2018-00448 - [Campagne CORDI-S-CRI Paris] Securing Internet of Things devices in home networks
Modern households are deploying Internet of Things (IoT) devices at a fast pace. The heterogeneity of these devices, which range from low-end sensors to smart TVs, makes securing home IoT particularly challenging. To make matters worse, many consumer-IoT devices are hard or impossible to secure because device manufacturers fail to adopt security best practices (e.g., regular software patches). Vu...
Publication date: 2017