A first empirical look on internet-scale exploitations of IoT devices

Authors: Mario Galluscio, Nataliia Neshenko, Elias Bou-Harb, Yongliang Huang, Nasir Ghani

DOI: 10.1109/PIMRC.2017.8292628

Abstract: Technological advances and innovative business models led to the modernization of the cyber-physical concept with the realization of the Internet of Things (IoT). While IoT envisions a plethora of high impact benefits in both, the consumer as well as the control automation markets, unfortunately, security concerns continue to be an afterthought. Several technical challenges impede addressing such requirements, including, the lack of empirical data related to various IoT devices in addition to the shortage of actionable attack signatures. In this paper, we present what we believe is a first attempt ever to comprehend the severity of IoT maliciousness by empirically characterizing the magnitude of Internet-scale IoT exploitations. We draw upon unique and extensive darknet (passive) data and develop an algorithm to infer unsolicited IoT devices which have been compromised and are attempting to exploit other Internet hosts. We further perform correlations by leveraging active Internet-wide scanning to identify and report on such devices and their hosting environments. The generated results indicate a staggering 11 thousand exploited IoT devices that are currently in the wild. Moreover, the outcome pinpoints that IoT devices embedded deep in operational Cyber-Physical Systems (CPS) such as manufacturing plants and power utilities are the most compromised. We concur that such results highlight the wide-spread insecurities of the IoT paradigm, while the inferences postulated are leveraged for prompt mitigation and to facilitate forensic investigations using real data.
