Institute of Electrical and Electronics Engineers (IEEE)
Abstract
Botnets are today one of the most dangerous security threats worldwide. Large numbers of infected
machines are controlled by a malicious entity and perform coordinated cyber-attacks. The problem will become even worse in
the era of the Internet of Things (IoT), as the number of insecure devices is expected to grow exponentially. This paper
presents WARDOG, an awareness and digital forensic system that informs end-users that their machine is part of a botnet, exposes the
botnet infrastructure, and captures verifiable evidence that can be used in a court of law. The responsible authority gathers all
collected information and automatically generates a unified case document. The document contains undisputed forensic
information, tracking all involved parties and their role in the attack. The deployed security mechanisms and the overall
administrative setting ensure non-repudiation of performed actions and enforce accountability. The provided properties are
verified through theoretical analysis. In a simulated environment, the effectiveness of the proposed solution in mitigating botnet
operations is also tested against real attack strategies captured by the FORTHcert honeypots, where it outperforms
state-of-the-art solutions. Moreover, a preliminary version is implemented on real computers and IoT devices, demonstrating the
low computational and communication overhead of WARDOG in the field.