Modeling, Analysis, and Mitigation of Dynamic Botnet Formation in Wireless IoT Networks

Bibliographic Details
Published in IEEE transactions on information forensics and security Vol. 14; no. 9; pp. 2412 - 2426
Main Authors Farooq, Muhammad Junaid, Quanyan Zhu
Format Journal Article
Language English
Published New York IEEE 01.09.2019
The Institute of Electrical and Electronics Engineers, Inc. (IEEE)
ISSN 1556-6013
1556-6021
DOI 10.1109/TIFS.2019.2898817

Abstract The Internet of Things (IoT) relies heavily on wireless communication devices that are able to discover and interact with other wireless devices in their vicinity. The communication flexibility coupled with software vulnerabilities in devices, due to low cost and short time-to-market, exposes them to a high risk of malware infiltration. Malware may infect a large number of network devices using device-to-device (D2D) communication resulting in the formation of a botnet, i.e., a network of infected devices controlled by a common malware. A botmaster may exploit it to launch a network-wide attack sabotaging infrastructure and facilities, or for malicious purposes such as collecting ransom. In this paper, we propose an analytical model to study the D2D propagation of malware in wireless IoT networks. Leveraging tools from dynamic population processes and point process theory, we capture malware infiltration and coordination process over a network topology. The analysis of mean-field equilibrium in the population is used to construct and solve an optimization problem for the network defender to prevent botnet formation by patching devices while causing minimum overhead to network operation. The developed analytical model serves as a basis for assisting the planning, design, and defense of such networks from a defender's standpoint.
Author Farooq, Muhammad Junaid
Quanyan Zhu
Author_xml – sequence: 1
  givenname: Muhammad Junaid
  surname: Farooq
  fullname: Farooq, Muhammad Junaid
  email: mjf514@nyu.edu
  organization: Dept. of Electr. & Comput. Eng., New York Univ., New York, NY, USA
– sequence: 2
  surname: Quanyan Zhu
  fullname: Quanyan Zhu
  email: qz494@nyu.edu
  organization: Dept. of Electr. & Comput. Eng., New York Univ., New York, NY, USA
CODEN ITIFA6
ContentType Journal Article
Copyright Copyright The Institute of Electrical and Electronics Engineers, Inc. (IEEE) 2019
Copyright_xml – notice: Copyright The Institute of Electrical and Electronics Engineers, Inc. (IEEE) 2019
Discipline Engineering
Statistics
Computer Science
EISSN 1556-6021
EndPage 2426
ExternalDocumentID 10_1109_TIFS_2019_2898817
8638982
Genre orig-research
GrantInformation_xml – fundername: National Science Foundation
  grantid: CNS-1544782; SES-1541164
  funderid: 10.13039/100000001
– fundername: Department of Defense
  grantid: W911NF1910041
– fundername: a Department of Homeland Security Grant through the Critical Infrastructure Resilience Institute
IsPeerReviewed true
IsScholarly true
Issue 9
Language English
License https://ieeexplore.ieee.org/Xplorehelp/downloads/license-information/IEEE.html
https://doi.org/10.15223/policy-029
https://doi.org/10.15223/policy-037
ORCID 0000-0003-0618-9345
PageCount 15
PublicationCentury 2000
PublicationDate 2019-09-01
PublicationDateYYYYMMDD 2019-09-01
PublicationDate_xml – month: 09
  year: 2019
  text: 2019-09-01
  day: 01
PublicationDecade 2010
PublicationPlace New York
PublicationPlace_xml – name: New York
PublicationTitle IEEE transactions on information forensics and security
PublicationTitleAbbrev TIFS
PublicationYear 2019
Publisher IEEE
The Institute of Electrical and Electronics Engineers, Inc. (IEEE)
Publisher_xml – name: IEEE
– name: The Institute of Electrical and Electronics Engineers, Inc. (IEEE)
StartPage 2412
SubjectTerms Analytical models
Botnet
Communication
Communication system security
device-to-device communication
distributed denial of service
Electronic devices
Infiltration
Internet of Things
Malware
Mathematical models
Network topologies
Optimization
Patching
population processes
Sociology
Statistics
Wireless communication
Wireless communications
Wireless networks
Title Modeling, Analysis, and Mitigation of Dynamic Botnet Formation in Wireless IoT Networks
URI https://ieeexplore.ieee.org/document/8638982
https://www.proquest.com/docview/2237669596
Volume 14