Monitoring and Characterization of Bashlite Botnets on IoT Devices

  • Artur Marzano
  • David Alexander
  • Elverton Fazzion
  • Osvaldo Fonseca
  • Italo Cunha
  • Cristine Hoepers
  • Klaus Steding-Jessen
  • Marcelo H. P. C. Chaves
  • Dorgival Guedes
  • Wagner Meira Jr.


Botnets, networks of malware-infected devices, are used for malicious activities such as denial-of-service attacks and spam/phishing distribution, and cause billion-dollar losses every year. The growth of the Internet of Things, combined with the low security of its devices, has given attackers a rich environment for creating botnets. To combat such networks, it is essential to understand their behavior. In this work we monitor widespread IoT-based Bashlite botnets using a network of low-interaction honeypots. We analyze both the scanning and infection of vulnerable devices and the command flow that controllers send to infected devices. Our results suggest that botnets rely on infrastructure providers, that most infections use unmodified, publicly available source code, and that attacks are concentrated on specific targets.
MARZANO, Artur et al. Monitoramento e Caracterização de Botnets Bashlite em Dispositivos IoT. In: SIMPÓSIO BRASILEIRO DE REDES DE COMPUTADORES E SISTEMAS DISTRIBUÍDOS (SBRC), 2018. Anais do XXXVI Simpósio Brasileiro de Redes de Computadores e Sistemas Distribuídos. Porto Alegre: Sociedade Brasileira de Computação, May 2018. ISSN 2177-9384.