Comprehending the IoT cyber threat landscape: A data dimensionality reduction technique to infer and characterize Internet-scale IoT probing campaigns

Authors: Morteza Safaei Pour, Elias Bou-Harb, Kavita Varma, Nataliia Neshenko, Dimitris A. Pados

DOI: 10.1016/J.DIIN.2019.01.014

Keywords:

Abstract: The resource-constrained and heterogeneous nature of Internet-of-Things (IoT) devices, coupled with the placement of such devices in publicly accessible venues, complicates efforts to secure both the devices and the networks they are connected to. The Internet-wide deployment of IoT devices also makes it challenging to operate security solutions at strategic locations within the network, or to identify orchestrated activities among seemingly independent malicious events originating from IoT devices. Therefore, in this paper, we initially seek to determine the magnitude of IoT exploitations by examining more than 1 TB of passive measurement data collected from a /8 network telescope and correlating it with 400 GB of information from the Shodan service. In the second phase of the study, we conduct in-depth discussions with Internet Service Providers (ISPs) and backbone operators, and leverage geolocation databases, not only to attribute the exploited IoT devices to their hosting environment (ISPs, countries, etc.) but also to classify the inferred devices by sector type (financial, education, manufacturing, etc.) and to identify the most abused manufacturers. In the third phase, we automate the task of alerting realms that are determined to be exploited. Additionally, to address the problem of inferring IoT probing campaigns solely by observing the traffic targeting the telescope, we further introduce a theoretically sound technique based on L1-norm PCA, and validate the utility of the proposed dimensionality reduction technique against conventional L2-norm PCA. Specifically, we infer "in the wild" coordinated IoT probing campaigns targeting generic ports, as well as campaigns specifically searching for open resolvers (for amplification purposes). The results reveal 120,000 exploited Internet-scale IoT devices, some of which are operating in critical infrastructure sectors such as health and manufacturing. We infer 140 large-scale IoT-centric campaigns; the sample includes a worldwide distributed campaign in which close to 40% of the population consists of video surveillance cameras from a single manufacturer, and another very large campaign consisting of 50,000 IoT devices. The reported findings highlight the insecurity of the IoT paradigm and thus demonstrate the importance of understanding the evolving IoT threat landscape.
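The abstract contrasts L1-norm PCA with conventional L2-norm PCA for reducing telescope probing data before campaign inference. The point of that choice is robustness: L2-PCA maximizes the sum of squared projections, so one heavy-hitting source can capture the first principal component, while L1-PCA maximizes the sum of absolute projections and is far less sensitive to a single outlier. The following is an added illustration written for this page, not code from the paper or its authors. It builds a small constructed "probing sources x probed ports" count matrix (the port labels and counts are assumptions, not telescope measurements), computes the first L2 principal component by power iteration, and computes the first L1 principal component through the binary formulation max ||X^T b||_2 over b in {+1,-1}^N from the L1-subspace literature cited below, solved here with a simple greedy bit-flipping search (an editorial simplification of the optimal algorithms, chosen so the block has no dependencies).

```python
"""Toy comparison of uncentred L2-PCA and L1-PCA on a constructed
'probing sources x destination ports' count matrix.  Pure Python; no numpy."""
import math

# Constructed sample: each row is one probing source seen by a hypothetical
# network telescope, each column a probed port.  Labels are assumptions.
PORTS = ["23/tcp", "2323/tcp", "53/udp"]


def build_sample_matrix():
    rows = []
    # 20 coordinated sources (a Telnet-oriented campaign) hitting ports 23 and
    # 2323 with near-identical per-source probe counts.
    for i in range(20):
        rows.append([9.0 + (i % 3), 11.0 - (i % 3), 0.0])
    # One unrelated heavy hitter that only probes 53/udp.  A single source,
    # but its squared magnitude (4900) exceeds the whole campaign's (~4000).
    rows.append([0.0, 0.0, 70.0])
    return rows


def dot(a, b):
    return sum(x * y for x, y in zip(a, b))


def norm(a):
    return math.sqrt(dot(a, a))


def unit(a):
    n = norm(a)
    return [x / n for x in a]


def canonical_sign(q):
    """Principal components are defined up to sign; make the largest entry positive."""
    k = max(range(len(q)), key=lambda j: abs(q[j]))
    return q if q[k] >= 0 else [-x for x in q]


def l2_pc1(X, iters=500):
    """First L2 principal component (uncentred): dominant eigenvector of X^T X
    found by power iteration.  The criterion is sum_i (q . x_i)^2."""
    d = len(X[0])
    G = [[sum(r[a] * r[c] for r in X) for c in range(d)] for a in range(d)]
    q = unit([1.0] * d)
    for _ in range(iters):
        q = unit([dot(G[a], q) for a in range(d)])
    return canonical_sign(q)


def l1_pc1(X, init=None):
    """First L1 principal component: maximise sum_i |q . x_i| over unit q.
    Equivalent to finding b in {+1,-1}^N maximising ||s||_2 with s = sum_i b_i x_i,
    then q = s / ||s||.  Solved here by greedy bit flipping: repeatedly flip the
    single sign that most increases ||s||^2 until no flip helps."""
    n, d = len(X), len(X[0])
    b = init[:] if init else [1.0 if i % 2 == 0 else -1.0 for i in range(n)]
    s = [sum(b[i] * X[i][a] for i in range(n)) for a in range(d)]
    sq = [dot(r, r) for r in X]
    while True:
        best_i, best_gain = None, 1e-9
        for i in range(n):
            # ||s - 2 b_i x_i||^2 - ||s||^2 = 4 (||x_i||^2 - b_i (s . x_i))
            gain = 4.0 * (sq[i] - b[i] * dot(s, X[i]))
            if gain > best_gain:
                best_i, best_gain = i, gain
        if best_i is None:
            break
        for a in range(d):
            s[a] -= 2.0 * b[best_i] * X[best_i][a]
        b[best_i] = -b[best_i]
    return canonical_sign(unit(s))


def l1_objective(X, q):
    """sum_i |q . x_i|, the quantity L1-PCA maximises."""
    return sum(abs(dot(q, r)) for r in X)


def campaign_alignment(q):
    """|cosine| between q and the campaign direction (equal weight on 23 and 2323)."""
    return abs(dot(q, unit([1.0, 1.0, 0.0])))


def compare(X):
    q2, q1 = l2_pc1(X), l1_pc1(X)
    return {
        "l2_pc1": q2, "l2_alignment": campaign_alignment(q2),
        "l1_pc1": q1, "l1_alignment": campaign_alignment(q1),
    }


if __name__ == "__main__":
    for k, v in compare(build_sample_matrix()).items():
        print(k, v)
```

On this input the L2 component points almost entirely at 53/udp, i.e. at the single outlier, and is nearly orthogonal to the campaign, whereas the L1 component is dominated by the campaign's port pair (alignment above 0.95) with the outlier contributing only a minor third coordinate. The data is deliberately left uncentred so that the first component describes the dominant direction of raw probe counts; with real telescope data one would also want the bit-flipping search to be restarted from several initial sign vectors, since the greedy search can stop in a local optimum.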

References (65)
Takeo Kanade, Qifa Ke. Robust subspace computation using L1 norm. (2003).
Vinod Yegneswaran, Guofei Gu, Wenke Lee, Martin Fong, Phillip Porras. BotHunter: detecting malware infection through IDS-driven dialog correlation. USENIX Security Symposium (2007).
Ying Liu, Dimitris A. Pados. Compressed-sensed-domain L1-PCA video surveillance. Proceedings of SPIE, vol. 9484 (2015). DOI: 10.1117/12.2179722
Vern Paxson. Bro: a system for detecting network intruders in real-time. Computer Networks, vol. 31, pp. 2435-2463 (1999). DOI: 10.1016/S1389-1286(99)00112-7
Panos P. Markopoulos, George N. Karystinos, Dimitris A. Pados. Optimal Algorithms for L1-subspace Signal Processing. IEEE Transactions on Signal Processing, vol. 62, pp. 5046-5058 (2014). DOI: 10.1109/TSP.2014.2338077
Brian Rexroad, Anestis Karasaridis, David Hoeflin. Wide-scale botnet detection and characterization. Workshop on Hot Topics in Understanding Botnets (HotBots) (2007).
Martin Roesch. Snort - Lightweight Intrusion Detection for Networks. USENIX Large Installation System Administration Conference (LISA), pp. 229-238 (1999).
Roberto Perdisci, Guofei Gu, Wenke Lee, Junjie Zhang. BotMiner: clustering analysis of network traffic for protocol- and structure-independent botnet detection. USENIX Security Symposium, pp. 139-154 (2008).
Roland Bodenheim, Jonathan Butts, Stephen Dunlap, Barry Mullins. Evaluation of the ability of the Shodan search engine to identify Internet-facing industrial control devices. International Journal of Critical Infrastructure Protection, vol. 7, pp. 114-123 (2014). DOI: 10.1016/J.IJCIP.2014.03.001
Christian Rossow. Amplification Hell: Revisiting Network Protocols for DDoS Abuse. Network and Distributed System Security Symposium (NDSS) (2014). DOI: 10.14722/NDSS.2014.23233