Management and Security of IoT systems using Microservices

Devices that assist the user with some task or help them to make an informed decision are called smart devices. A network of such devices connected to internet are collectively called as Internet of Things (IoT). The applications of IoT are expanding exponentially and are becoming a part of our day to day lives. The rise of IoT led to new security and management issues. In this project, we propose a solution for some major problems faced by the IoT devices, including the problem of complexity due to heterogeneous platforms and the lack of IoT device monitoring for security and fault tolerance. We aim to solve the above issues in a microservice architecture. We build a data pipeline for IoT devices to send data through a messaging platform Kafka and monitor the devices using the collected data by making real time dashboards and a machine learning model to give better insights of the data. For proof of concept, we test the proposed solution on a heterogeneous cluster, including Raspberry Pi’s and IoT devices from different vendors. We validate our design by presenting some simple experimental results

From ZeuS to Zitmo : trends in banking malware

In the crimeware world, financial botnets are a global threat to banking organizations. Such malware purposely performs financial fraud and steals critical information from clients' computers. A common example of banking malware is the ZeuS botnet. Recently, variants of this malware have targeted mobile platforms, as The-ZeuS-in-the-Mobile or Zitmo. With the rise in mobile systems, platform security is becoming a major concern across the mobile world, with rising incidence of compromising Android devices. In similar vein, there have been mobile botnet attacks on iPhones, Blackberry and Symbian devices. In this setting, we report on trends and developments of ZeuS and its variants

Deep fused flow and topology features for botnet detection basing on pretrained GCN

Nowadays, botnets have become one of the major threats to cyber security. The characteristics of botnets are mainly reflected in bots network behavior and their intercommunication relationships. Existing botnet detection methods use flow features or topology features individually, which overlook the other type of feature. This affects model performance. In this paper, we propose a botnet detection model which uses graph convolutional network (GCN) to deeply fuse flow features and topology features for the first time. We construct communication graphs from network traffic and represent nodes with flow features. Due to the imbalance of existing public traffic flow datasets, it is impossible to train a GCN model on these datasets. Therefore, we use a balanced public communication graph dataset to pretrain a GCN model, thereby guaranteeing its capacity for identify topology features. We then feed the communication graph with flow features into the pretrained GCN. The output from the last hidden layer is treated as the fusion of flow and topology features. Additionally, by adjusting the number of layers in the GCN network, the model can effectively detect botnets under both C2 and P2P structures. Validated on the public ISCX2014 dataset, our approach achieves a remarkable recall rate 92.90% and F1-score 92.76% for C2 botnets, alongside recall rate 94.66% and F1-score of 92.35% for P2P botnets. These results not only demonstrate the effectiveness of our method, but also outperform the performance of the currently leading detection models

Tracing the P2P Botnets Behaviours via Hybrid Analysis Approach

P2P botnets has become central issue that threatens global network security. The unification of botnets and P2P technology make it more powerful and complicated to detect. P2P botnets generally known with abnormal traffic behaviours may highly impact the networks operation, network security and cause financial losses. In order to detect these P2P botnets, a highly-profile investigation on flow analysis is necessary. We consider hybrid analysis approach that integrate both static analysis and dynamic analysis approach. The hybrid analysis will be used in profiling the P2P behaviours and characteristics. Then, the findings of analysis results will contributes on P2P botnets behaviour pattern that will be used in constructing the general model of P2P botnets behaviour. Through the findings, this paper proposes a general P2P botnets behaviour model. The proposed model will be beneficial to further work on P2P botnets detection techniques

ANALYSIS OF BOTNET CLASSIFICATION AND DETECTION BASED ON C&C CHANNEL

Botnet is a serious threat to cyber-security. Botnet is a robot that can enter the computer and perform DDoS attacks through attacker’s command. Botnets are designed to extract confidential information from network channels such as LAN, Peer or Internet. They perform on hacker's intention through Command & Control(C&C) where attacker can control the whole network and can clinch illegal activities such as identity theft, unauthorized logins and money transactions. Thus, for security reason, it is very important to understand botnet behavior and go through its countermeasures. This thesis draws together the main ideas of network anomaly, botnet behavior, taxonomy of botnet, famous botnet attacks and detections processes. Based on network protocols, botnets are mainly 3 types: IRC, HTTP, and P2P botnet. All 3 botnet's behavior, vulnerability, and detection processes with examples are explained individually in upcoming chapters. Meanwhile saying shortly, IRC Botnet refers to early botnets targeting chat and messaging applications, HTTP Botnet targets internet browsing/domains and P2P Botnet targets peer network i.e. decentralized servers. Each Botnet's design, target, infecting and spreading mechanism can be different from each other. For an instance, IRC Botnet is targeted for small environment attacks where HTTP and P2P are for huge network traffic. Furthermore, detection techniques and algorithms filtration processes are also different among each of them. Based on these individual botnet's behavior, many research papers have analyzed numerous botnet detection techniques such as graph-based structure, clustering algorithm and so on. Thus, this thesis also analyzes popular detection mechanisms, C&C channels, Botnet working patterns, recorded datasets, results and false positive rates of bots prominently found in IRC, HTTP and P2P. Research area covers C&C channels, botnet behavior, domain browsing, IRC, algorithms, intrusion and detection, network and peer, security and test results. Research articles are conducted from scientific books through online source and University of Turku library

A Historical evaluation of C&C complexity

The actions of Malware are often controlled through uniform communications mechanisms, which are regularly changing to evade detection techniques and remain prolific. Though geographically dispersed, malware-infected nodes being controlled for a common purpose can be viewed as a logically joint network, now loosely referred to as a botnet. The evolution of the mechanisms or processes for controlling the networks of malware-infected nodes may be indicative of their sophistication relative to a point of inception or discovery (if inception time is unknown). A sampling of botnet related malware at different points of inception or discovery can provide accurate representations of the sophistication variance of command and control processes. To accurately measure a sampling, a matrix of sophistication, deemed the Complexity Matrix (CM), was created to categorize the signifying characteristics of Command and Control (C&C) processes amongst a historically-diverse selection of bot binaries. In this paper, a survey of botnets is conducted to identify C&C characteristics that accurately represent the level of sophistication being implemented within a specified time frame. The results of the survey are collected in a CM and used to generate a subsequent roadmap of C&C milestones

Botnets and Distributed Denial of Service Attacks

With their ever increasing malicious capabilities and potential to infect a vast majority of computers on the Internet, botnets are emerging as the single biggest threat to Internet security. The aim of this project is to perform a detailed analysis of botnets and the vulnerabilities exploited by them to spread themselves and perform various malicious activities such as DDoS attacks. DDoS attacks are without doubt the most potent form of attacks carried out by botnets. In order to better understand this growing phenomenon and develop effective counter measures, it is necessary to be able to simulate DDoS attacks in a controlled environment. Simulating a DDoS attack with control over various simulation and attack parameters will give us insights into how attacks achieve stealth and avoid detection. A detailed analysis of existing DDoS defense strategies and proposals combined with the insights derived from simulation should enable us to come up with innovative and feasible solutions to prevent and mitigate DDoS attacks carried out using Botnet

Botnet Detection Using Graph Based Feature Clustering

Detecting botnets in a network is crucial because bot-activities impact numerous areas such as security, finance, health care, and law enforcement. Most existing rule and flow-based detection methods may not be capable of detecting bot-activities in an efficient manner. Hence, designing a robust botnet-detection method is of high significance. In this study, we propose a botnet-detection methodology based on graph-based features. Self-Organizing Map is applied to establish the clusters of nodes in the network based on these features. Our method is capable of isolating bots in small clusters while containing most normal nodes in the big-clusters. A filtering procedure is also developed to further enhance the algorithm efficiency by removing inactive nodes from bot detection. The methodology is verified using real-world CTU-13 and ISCX botnet datasets and benchmarked against classification-based detection methods. The results show that our proposed method can efficiently detect the bots despite their varying behaviors