Providing IoT host-based datasets for intrusion detection research

  • Vitor Hugo Bezerra UEL
  • Victor G. Turrisi da Costa UEL
  • Ricardo Augusto Martins UEL
  • Sylvio Barbon Junior UEL
  • Rodrigo Sanches Miani UFU
  • Bruno Bogaz Zarpelão UEL

Abstract


The high number of vulnerabilities in Internet of Things (IoT) devices has created malware-prone networks. Botnets are a type of malware that poses a serious threat to Internet security. This malware exploits vulnerabilities in IoT devices to infect them and perform large-scale Distributed Denial of Service attacks, affecting many users who depend on their services. This work presents the construction of an experimental environment to generate a dataset that contains data from a real IoT device that was infected by botnet malware in a laboratory. The dataset can be used to support the development of defence tools that identify botnets on IoT devices, as it contains network traffic and host-based features, such as CPU and memory usage. The dataset and network environment files are available to the research community.

Published
25/10/2018
BEZERRA, Vitor Hugo; COSTA, Victor G. Turrisi da; MARTINS, Ricardo Augusto; BARBON JUNIOR, Sylvio; MIANI, Rodrigo Sanches; ZARPELÃO, Bruno Bogaz. Providing IoT host-based datasets for intrusion detection research. In: SIMPÓSIO BRASILEIRO DE CIBERSEGURANÇA (SBSEG), 18., 2018, Natal. Anais [...]. Porto Alegre: Sociedade Brasileira de Computação, 2018. p. 15-28. DOI: https://doi.org/10.5753/sbseg.2018.4240.