1,011 research outputs found

    DDoS-Capable IoT Malwares: comparative analysis and Mirai Investigation

    The Internet of Things (IoT) revolution has not only carried the astonishing promise to interconnect a whole generation of traditionally “dumb” devices, but also brought to the Internet the menace of billions of badly protected and easily hackable objects. Not surprisingly, this sudden flood of fresh and insecure devices fueled older threats, such as Distributed Denial of Service (DDoS) attacks. In this paper, we first propose an updated and comprehensive taxonomy of DDoS attacks, together with a number of examples of how this classification maps to real-world attacks. Then, we outline the current situation of DDoS-enabled malware in IoT networks, highlighting how recent data support our concerns about the growing popularity of such malware. Finally, we give a detailed analysis of the general framework and the operating principles of Mirai, the most disruptive DDoS-capable IoT malware seen so far.

    Energy Efficient and Secure Wireless Sensor Networks Design

    Wireless Sensor Networks (WSNs) are emerging technologies that have the ability to sense, process, communicate, and transmit information to a destination, and they are expected to have significant impact on the efficiency of many applications in various fields. Resource constraints, such as limited battery power, are the greatest challenge in WSN design, as they affect the lifetime and performance of the network. An energy-efficient, secure, and trustworthy system is vital when a WSN involves highly sensitive information. Thus, it is critical to design mechanisms that are energy efficient and secure while at the same time maintaining the desired level of quality of service. Inspired by these challenges, this dissertation is dedicated to exploiting optimization and game-theoretic approaches/solutions to handle several important issues in WSN communication, including energy efficiency, latency, congestion, dynamic traffic load, and security. We present several novel mechanisms to improve the security and energy efficiency of WSNs. Two new schemes are proposed for the network layer stack to achieve the following: (a) to enhance energy efficiency through optimized sleep intervals that also consider the underlying dynamic traffic load and (b) to develop the routing protocol in order to handle wasted energy, congestion, and clustering. We also propose efficient routing and energy-efficient clustering algorithms based on optimization and game theory. Furthermore, we propose a dynamic game-theoretic framework (i.e., hyper defense) to analyze the interactions between attacker and defender as a non-cooperative security game that considers the resource limitation. All the proposed schemes are validated by extensive experimental analyses, obtained by running simulations depicting various situations in WSNs in order to represent real-world scenarios as realistically as possible. The results show that the proposed schemes achieve high performance in different terms, such as network lifetime, compared with the state-of-the-art schemes.

    Database Intrusion Detection: Defending Against the Insider Threat

    Not only are databases an integral and critical part of many information systems, they are also critical information assets to many business enterprises. However, the network and host intrusion detection systems most enterprises use to detect attacks against their information systems cannot detect transaction-level attacks against databases. Transaction-level attacks often come from authorized users in the form of inference, query flood, or other anomalous query attacks. Insider attacks are not only growing in frequency, but remain significantly more damaging to businesses than external attacks. This paper proposes a database intrusion detection model to detect and respond to transaction-level attacks from authorized database users.

    An Innovative Signature Detection System for Polymorphic and Monomorphic Internet Worms Detection and Containment

    Most current anti-worm systems and intrusion-detection systems use signature-based technology instead of anomaly-based technology. Signature-based technology can only detect known attacks with identified signatures. Existing anti-worm systems cannot detect unknown Internet scanning worms automatically because these systems do not depend upon worm behaviour but upon the worm’s signature. Most detection algorithms used in current detection systems target only monomorphic worm payloads and offer no defence against polymorphic worms, which change the payload dynamically. Anomaly detection systems can detect unknown worms but usually suffer from a high false alarm rate. Detecting unknown worms is challenging, and the worm defence must be automated because worms spread quickly and can flood the Internet in a short time. This research proposes an accurate, robust and fast technique to detect and contain Internet worms (monomorphic and polymorphic). The detection technique uses specific failure connection statuses on specific protocols such as UDP, TCP, ICMP, TCP slow scanning and stealth scanning as characteristics of the worms, whereas the containment utilizes flags and labels of the segment header and the source and destination ports to generate the traffic signature of the worms. Experiments using eight different worms (monomorphic and polymorphic) in a testbed environment were conducted to verify the performance of the proposed technique. The experiment results showed that the proposed technique could detect stealth scanning up to 30 times faster than the technique proposed by another researcher and had no false-positive alarms for all scanning detection cases. The experiments showed the proposed technique was capable of containing the worm because of the traffic signature’s uniqueness.