This chapter presents the Literature Review for this project, which lays out a synopsis of research on IoT botnets using machine learning. The Literature Review discussed here compiles work from various authors and studies that have addressed this problem before. Comparing and contrasting them is crucial for choosing the right methodology and obtaining the best outcome for this project. In this chapter, published information on topics related to this project is reviewed and discussed, and the problems related to this project are studied and analyzed. Further information regarding the definition of the Internet of Things (IoT), IoT issues, the taxonomy of botnets in IoT, botnet attacks, DDoS attack types, the characteristics of botnets used to arrange DDoS attacks, an overview of Mirai attacks, an overview of Hajime attacks, a comparison between the IoT botnets Mirai and Hajime, techniques for IoT botnet detection using machine learning, and previous research in this area is studied, and a possible solution to the problem is proposed.
2.2 Related Work
2.2.1 Domain Related to this project
According to Robert et al. (2017), three areas of IoT security are examined: IoT vulnerabilities, the connected workplace and IoT management.
i) IoT vulnerabilities
The number of internet-enabled devices has increased significantly. Any connected device, such as medical devices, PCs and cars, and even seemingly harmless ones such as a fridge or a printer, could be an easy route into a network for a hacker. Even if these internet-enabled devices are not prime targets to protect, they could still be a route into a network for a hacker to access valuable data, or be used together to cripple a network.
ii) The Connected Workplace
The lack of security, and the exposure to malicious threats, is increased by the use of hundreds or thousands of internet-connected devices. For example, printers can be connected in the workplace without receiving the security updates and patches that laptops and mobile phones do. The key for organizations or enterprises is visibility: having a clear view of their IT estate. IoT devices should be considered endpoints, like computers, mobiles and tablets, and should be monitored to detect malicious threats. Organizations or enterprises should control, monitor, assess and investigate all endpoints so that any compromise can be quickly remediated (Kumbhar, 2017).
iii) IoT Management
There is no standard platform to leverage the development of IoT applications, which means that designers need to start from scratch with each new application. The Applied Science and Technology Research Institute (ASTRI) has developed the “IoT Management and Application Platform” (IMAP). The system supports several technological standards for communication between devices and for network architecture, which means it can be used on different platforms to support IoT devices.
(b) Malware Analysis
Malicious software (malware) exploits vulnerabilities in computing systems. Malware includes viruses, worms, Trojan horses and spyware, which gather information about a computer user and access a system without permission. It can appear in the form of code, scripts, active content or other software. According to Sanjeev and Ankur (2017), malware programs are divided into two classes: the first class needs a host program (viruses, Trojan horses, logic bombs, trapdoors), and the second class consists of independent programs (worms, zombies). Another categorization separates malware that does not replicate (and is activated by a trigger) from malware that produces copies of itself.
Malware (especially viruses and worms) are self-replicating programs. Viruses require user interaction and therefore propagate more slowly than worms, which do not require user interaction and propagate quickly. All bots are under the control of a BotMaster. If a bot exists on a computer, it is not harmful until it receives a command from the BotMaster; after receiving the command, it is dangerous to the system. These bots do not self-propagate from one network to another; they remain in an idle state. After receiving commands from the BotMaster, they propagate from one system or network to another and carry out malicious activities.
Based on the Kaspersky Lab report (2017), the reason behind the rise is that the IoT is fragile and exposed in the face of cybercriminals. The vast majority of smart devices run operating systems based on Linux, making attacks on them easier because criminals can write generic malicious code that targets a huge number of devices simultaneously. Most of them do not even have a security solution, and their manufacturers usually do not produce any security updates or new firmware. This means there are millions and millions of potentially vulnerable devices, or maybe even devices that have already been compromised.
Figure 2.1 Malware Analysis in year 2013 – 2017 (Kaspersky Lab, 2017)
Smart devices such as smartwatches, smart TVs, routers and cameras are connecting to each other and building the growing IoT phenomenon: a network of devices equipped with embedded technology that allows them to interact with each other or with the external environment. Because of the large number and variety of devices, the IoT has become an attractive target for cybercriminals. By successfully hacking IoT devices, criminals are able to spy on people, blackmail them, and even discreetly make them their partners in crime. What’s worse, botnets such as Mirai and Hajime have indicated that the threat is on the rise.
According to the Kaspersky Lab report (2017), the company conducted research into IoT malware to examine how serious the risk is. The report stated that the team set up artificial networks, which simulate the networks of different IoT devices (routers, connected cameras, etc.), to observe malware attempting to attack their virtual devices. Most of the attacks registered by the company’s experts targeted digital video recorders or IP cameras (63%), and 20% of hits were against network devices, including routers and DSL modems. About 1% of targets were people’s most common devices, like printers and smart home devices.