Data-Driven Intelligence for Characterizing Internet-scale IoT
Exploitations

D 2018

Data-Driven Intelligence for Characterizing Internet-scale IoT Exploitations

NESHENKO, Nataliia, Martin HUSÁK, Elias BOU-HARB, Pavel ČELEDA, Sameera AL-MULLA et. al.

Basic information

Original name

Data-Driven Intelligence for Characterizing Internet-scale IoT Exploitations

Authors

NESHENKO, Nataliia, Martin HUSÁK (203 Czech Republic, guarantor, belonging to the institution), Elias BOU-HARB, Pavel ČELEDA (203 Czech Republic, belonging to the institution), Sameera AL-MULLA and Claude FACHKHA

Edition

Abu Dhabi, 2018 IEEE Globecom Workshops, p. 1-7, 7 pp. 2018

Publisher

IEEE

Other information

Language

English

Type of outcome

Stať ve sborníku

Field of Study

10200 1.2 Computer and information sciences

Country of publisher

United States of America

Confidentiality degree

není předmětem státního či obchodního tajemství

Publication form

electronic version available online

References:

URL

RIV identification code

RIV/00216224:14610/18:00108865

Organization unit

Institute of Computer Science

ISBN

978-1-5386-4920-6

ISSN

DOI

http://dx.doi.org/10.1109/GLOCOMW.2018.8644468

UT WoS

000462817000273

Keywords in English

network monitoring;darknet;IoT;cyber security

Abstract

V originále

While the security issue associated with the Internet-of-Things (IoT) continues to attract significant attention from the research and operational communities, the visibility of IoT security-related data hinders the prompt inference and remediation of IoT maliciousness. In an effort to address the IoT security problem at large, in this work, we extend passive monitoring and measurements by investigating network telescope data to infer and analyze malicious activities generated by compromised IoT devices deployed in various domains. Explicitly, we develop a data-driven approach to pinpoint exploited IoT devices, investigate and differentiate their illicit actions, and examine their hosting environments. More importantly, we conduct discussions with various entities to obtain IP allocation information, which further allows us to attribute IoT exploitations per business sector (i.e., education, financial, manufacturing, etc.). Our analysis draws upon 1.2 TB of darknet data that was collected from a /8 network telescope for a 1 day period. The outcome signifies an alarming number of compromised IoT devices. Notably, around 940 of them fell victims of DDoS attacks, while 55,000 IoT nodes were shown to be compromised, aggressively probing Internet-wide hosts. Additionally, we inferred alarming IoT exploitations in various critical sectors such as the manufacturing, financial and healthcare realms.

Links

EF16_019/0000822, research and development project

Name: Centrum excelence pro kyberkriminalitu, kyberbezpečnost a ochranu kritických informačních infrastruktur

Citovat

NESHENKO, Nataliia, Martin HUSÁK, Elias BOU-HARB, Pavel ČELEDA, Sameera AL-MULLA and Claude FACHKHA. Data-Driven Intelligence for Characterizing Internet-scale IoT Exploitations. Online. In 2018 IEEE Globecom Workshops. Abu Dhabi: IEEE, 2018, p. 1-7. ISBN 978-1-5386-4920-6. Available from: https://dx.doi.org/10.1109/GLOCOMW.2018.8644468.

@inproceedings{1434137,
   author = {Neshenko, Nataliia and Husák, Martin and BouandHarb, Elias and Čeleda, Pavel and AlandMulla, Sameera and Fachkha, Claude},
   address = {Abu Dhabi},
   booktitle = {2018 IEEE Globecom Workshops},
   doi = {http://dx.doi.org/10.1109/GLOCOMW.2018.8644468},
   keywords = {network monitoring;darknet;IoT;cyber security},
   howpublished = {elektronická verze "online"},
   language = {eng},
   location = {Abu Dhabi},
   isbn = {978-1-5386-4920-6},
   pages = {1-7},
   publisher = {IEEE},
   title = {Data-Driven Intelligence for Characterizing Internet-scale IoT Exploitations},
   url = {https://ieeexplore.ieee.org/document/8644468},
   year = {2018}
}

TY  - JOUR
ID  - 1434137
AU  - Neshenko, Nataliia - Husák, Martin - Bou-Harb, Elias - Čeleda, Pavel - Al-Mulla, Sameera - Fachkha, Claude
PY  - 2018
TI  - Data-Driven Intelligence for Characterizing Internet-scale IoT Exploitations
PB  - IEEE
CY  - Abu Dhabi
SN  - 9781538649206
KW  - network monitoring;darknet;IoT;cyber security
UR  - https://ieeexplore.ieee.org/document/8644468
L2  - https://ieeexplore.ieee.org/document/8644468
N2  - While the security issue associated with the Internet-of-Things (IoT) continues to attract significant attention from the research and operational communities, the visibility of IoT security-related data hinders the prompt inference and remediation of IoT maliciousness. In an effort to address the IoT security problem at large, in this work, we extend passive monitoring and measurements by investigating network telescope data to infer and analyze malicious activities generated by compromised IoT devices deployed in various domains. Explicitly, we develop a data-driven approach to pinpoint exploited IoT devices, investigate and differentiate their illicit actions, and examine their hosting environments. More importantly, we conduct discussions with various entities to obtain IP allocation information, which further allows us to attribute IoT exploitations per business sector (i.e., education, financial, manufacturing, etc.). Our analysis draws upon 1.2 TB of darknet data that was collected from a /8 network telescope for a 1 day period. The outcome signifies an alarming number of compromised IoT devices. Notably, around 940 of them fell victims of DDoS attacks, while 55,000 IoT nodes were shown to be compromised, aggressively probing Internet-wide hosts. Additionally, we inferred alarming IoT exploitations in various critical sectors such as the manufacturing, financial and healthcare realms.
ER  -

NESHENKO, Nataliia, Martin HUSÁK, Elias BOU-HARB, Pavel ČELEDA, Sameera AL-MULLA and Claude FACHKHA. Data-Driven Intelligence for Characterizing Internet-scale IoT Exploitations. Online. In \textit{2018 IEEE Globecom Workshops}. Abu Dhabi: IEEE, 2018, p.~1-7. ISBN~978-1-5386-4920-6. Available from: https://dx.doi.org/10.1109/GLOCOMW.2018.8644468.

Detailed Information on Publication Record