The Journal of Supercomputing

, Volume 75, Issue 12, pp 8312–8338 | Cite as

Detecting and confronting flash attacks from IoT botnets

  • C. U. Om KumarEmail author
  • Ponsy R. K. Sathia Bhama


Gone are the days when cloud providers were attacked by flash crowds causing a DoS or malware running on a very large number of servers creating a DDoS. As the number of IoT devices connected to the Internet steadily increases, the cloud faces threats of flash crowds of IoT botnets controlled by malware such as Mirai, Bashlite and cryptojacking. In this paper, we propose and implement an adaptive filter that curtails DDoS attacks from a variety of compromised IoT bots. Experiments conclude that detection of IoT Botnets can be achieved with an accuracy rate of 99.69% and the detection of cryptojacking with a misclassification rate of 1.5%. The performance of the proposed adaptive filter is tested using the Amazon public cloud platform, and the results show that the adaptive filter can significantly reduce illegitimate botnet requests from variants such as FBOT, ARIS, EXIENDO and APEP and can reduce the instances processing time by 19%, connection time by 34% and the waiting time by 18%.


Flash crowd Load balancer Filter IoT bot Botnet DoS DDoS Cryptojacking 



I acknowledge all the anonymous reviewers for providing their valuable comments which helped in enhancing the quality of the work.


  1. 1.
    Moghaddam Z, Ahmad I, Habibi D, Phung QV (2018) Smart charging strategy for electric vehicle charging stations. IEEE Trans Transp Electr 4(1):76–88CrossRefGoogle Scholar
  2. 2.
    Figueiredo J, da Costa JS (2012) A SCADA system for energy management in intelligent buildings. Energy Build 49:85–98CrossRefGoogle Scholar
  3. 3.
    Jara A, Zamora M, Skarmeta A (2010) An architecture based on internet of things to support mobility and security in medical environments. In: IEEE, pp 1–5Google Scholar
  4. 4.
    Scott C, Carbone R (2014) Designing and implementing a honeypot for a SCADA network. SANS Institute Reading RoomGoogle Scholar
  5. 5.
    Zanella A, Bui N, Castellani A, Vangelista L, Zorzi M (2014) Internet of things for smart cities. IEEE Internet Things J 1(1):22–32CrossRefGoogle Scholar
  6. 6.
    Rao BBP, Saluia P, Sharma N, Mittal A, Sharma SV (2012) Cloud computing for internet of things and sensing based applications. In: Sixth International Conference on Sensing Technology (ICST), pp 374–380Google Scholar
  7. 7.
    Diro AA, Chilamkurti N (2018) Distributed attack detection scheme using deep learning approach for internet of things. Future Gener Comput Syst 82:761–768CrossRefGoogle Scholar
  8. 8.
    Maimó LF, Gómez ÁLP, Clemente FJG, Pérez MG, Pérez GM (2018) A self-adaptive deep learning-based system for anomaly detection in 5G networks. IEEE Access 6:7700–7712CrossRefGoogle Scholar
  9. 9.
    Prokofiev AO, Smirnova YS, Surov VA (2018) A method to detect Internet of Things botnets. In: 2018 IEEE Conference of Russian Young Researchers in Electrical and Electronic Engineering (EIConRus), pp 105–108Google Scholar
  10. 10.
    Bertino E, Islam N (2017) Botnets and internet of things security. Computer 2:76–79CrossRefGoogle Scholar
  11. 11.
    Ukil A, Sen J, Koilakonda S (2011) Embedded security for internet of things. In: Emerging Trends and Applications in Computer Science (NCETACS), pp 1–6Google Scholar
  12. 12.
    Hallman R, Bryan J, Palavicini G, Divita J, Romero-Mariona J (2017) IoDDoS—the internet of distributed denial of service attacksGoogle Scholar
  13. 13.
    Doshi R, Apthorpe N, Feamster N (2018) Machine learning DDoS detection for consumer internet of things devices. In: 2018 IEEE security and privacy workshops (SPW)Google Scholar
  14. 14.
    De Donno M, Dragoni N, Giaretta A, Mazzara M (2016) AntibIoTic: protecting IoT devices against DDoS attacks. In: International Conference in Software Engineering for Defence Applications, pp 59–72Google Scholar
  15. 15.
    Thapngam T, Yu S, Zhou W, Beliakov G (2011) Discriminating DDoS attack traffic from flash crowd through packet arrival patterns. In: 2011 IEEE Conference on Computer Communications Workshops (INFOCOM WKSHPS), pp 952–957Google Scholar
  16. 16.
    Zhang U, Luo X, Perdisci R, Gu G, Lee W, Feamster N (2011) Boosting the scalability of botnet detection using adaptive traffic sampling. In: 6th ACM Symposium on Information, Computer and Communications Security (ASIACCS)Google Scholar
  17. 17.
    De Paula U, de Oliveira D, Frota Y, Barbosa VC, Drummond L (2015) Detecting and handling flash-crowd events on cloud environments. arXiv preprint arXiv:1510.03913
  18. 18.
    Stavrou A, Rubenstein D, Sahu S (2002) A lightweight, robust p2p system to handle flash crowds. In: IEEE International Conference on Network Protocols, pp 226–235Google Scholar
  19. 19.
    Ari I, Hong B, Miller EL, Brandt SA, De Long D (2003) Managing flash crowds on the internet. In: IEEE/ACM International Symposium on Modeling, Analysis and Simulation of Computer Telecommunications Systems, pp 246–249Google Scholar
  20. 20.
    Chen X, Heidemann J (2005) Flash crowd mitigation via adaptive admission control based on application-level observations. ACM Trans Internet Technol (TOIT) 5(3):532–569CrossRefGoogle Scholar
  21. 21.
    Ramamurthy P, Sekar V, Akella A, Krishnamurthy B, Shaikh A (2007) Using mini-flash crowds to infer resource constraints in remote web servers. In: ACM Proceedings of the 2007 SIGCOMM Workshop on Internet Network Management, pp 250–255Google Scholar
  22. 22.
    Atajanov M, Shimokawa T, Yoshida N (2007) Autonomic multi-server distribution in flash crowds alleviation network. In: International Conference on Embedded and Ubiquitous Computing. Springer, pp 309–320Google Scholar
  23. 23.
    Zeidan Loo HR, Manaf AA (2011) Botnet command and control mechanisms. In: Second International Conference on Computer and Electrical Engineering, ICCEE ‘09. pp 564–568Google Scholar
  24. 24.
    Plohmann D, Gerhards-Padilla E (2018) Case study of miner botnet. In: 2018 16th Annual Conference on Privacy, Security and Trust (PST), pp 1–16Google Scholar
  25. 25.
    Murynets I, Jover RP (2013) Anomaly detection in cellular machine-to-machine communications. In: 2013 IEEE International Conference on Communications (ICC), Budapest, pp 2138–2143Google Scholar
  26. 26.
    Liu CM, Chen SY, Zhang Y, Chen R, Guo KL (2012) An IoT anomaly detection model based on artificial immunity. In: Advances materials research, vol 424. Trans Tech Publications, pp 625–628Google Scholar
  27. 27.
    Bringer ML, Chelmecki CA, Fujinoki H (2012) A survey: recent advances and future trends in honeypot research. Int J Comput Netw Inf Secur 4(10):63Google Scholar
  28. 28.
    Guarnizo JD, Tambe A, Bhunia SS, Ochoa M, Tippenhauer NO, Shabtai A, Elovici Y (2017) Siphon: towards scalable high-interaction physical honeypots. In: Proceedings of the 3rd ACM Workshop on Cyber-Physical System Security, pp 57–68Google Scholar
  29. 29.
    Tuor A, Kaplan S, Hutchinson B, Nichols N, Robinson S (2017) Deep learning for unsupervised insider threat detection in structured cybersecurity data streams. In: Workshops at the Thirty-First AAAI Conference on Artificial IntelligenceGoogle Scholar
  30. 30.
    Dong X, Hu J, Cui Y (2018) Overview of botnet detection based on machine learning. In: 2018 3rd International Conference on Mechanical, Control and Computer Engineering (ICMCCE), pp 476–479Google Scholar
  31. 31.
    Binkley JR, Singh S (2006) An algorithm for anomaly-based botnet detection. In: Proceedings of the 2nd Conference on Steps to Reducing Unwanted Traffic on the Internet (SRUTI’06)Google Scholar
  32. 32.
    Gu G, Porras P, Yegneswaran V, Fong M, Lee W (2007) BotHunter: detecting malware infection through IDS-driven dialog correlation. In: Proceedings of the 16th USENIX Security Symposium on USENIX Security Symposium (SS’07)Google Scholar
  33. 33.
    Zeidanloo HR, Manaf A, Ahmad R, Zamani M, Chaeikar S (2010) A proposed framework for P2P botnet detection. Int J Eng Technol 2(2):161Google Scholar
  34. 34.
    Yen T-F, Reiter MK (2008) Traffic aggregation for malware detection. In: Proceedings of the 5th International Conference on Detection of Intrusions and Malware, and Vulnerability Assessment (DIMVA ‘08)Google Scholar
  35. 35.
    Jelasity M, Bilicki V, et al (2009) Towards automated detection of peer-to-peer botnets: on the limits of local approaches. In: Proceedings of the 2nd USENIX Conference on Large-Scale Exploits and Emergent Threats: Botnets, Spyware, Worms, and More (LEET’09)Google Scholar
  36. 36.
    Villamarin-Salomon R, Brustoloni JC (2008) Identifying botnets using anomaly detection techniques applied to DNS traffic. In: Proceedings of the 5th IEEE Consumer Communications and Networking Conference (CCNC’08)Google Scholar
  37. 37.
    Nagaraja S, Mittal P, Hong CY, et al (2010) BotGrep: finding P2P bots with structured graph analysis. In: Proceedings of the 19th USENIX Conference on Security Symposium. Washington, USA, pp 1–7Google Scholar
  38. 38.
    Gu GF, Perdisci R, Zhang JJ, Lee WK (2008) BotMiner: clustering analysis of network traffic for protocol and structure-independent botnet detection. In: Proceedings of the 17th USENIX Conference on Security Symposium. San Jose, USA, pp 139–154Google Scholar
  39. 39.
    Gu GF, Zhang JJ, Lee WK (2008) BotSniffer: detecting botnet command and control channels in network traffic. In: Proceedings of the Annual Network and Distributed System Security Symposium. San Diego, USA, pp 1–18Google Scholar
  40. 40.
    Chen S-C, Chen Y-R, Tzeng W-G (2018) Effective botnet detection through neural networks on convolutional features. In: 2018 17th IEEE International Conference on Trust, Security and Privacy in Computing and Communications/12th IEEE International Conference on Big Data Science And Engineering (TrustCom/BigDataSE), pp 372–378Google Scholar
  41. 41.
    Livadas C, Walsh R, Lapsley D, Strayer T (2006) Analysis of flow records: don’t know: using machine learning techniques to identify botnet traffic. In: Proceedings of the 31st IEEE Conference on Local Computer NetworksGoogle Scholar
  42. 42.
    Bahsi H, Nõmm S, La Torre FB (2018) Dimensionality reduction for machine learning based IoT botnet detection. In: 2018 15th International Conference on Control, Automation, Robotics and Vision (ICARCV), pp 1857–1862Google Scholar
  43. 43.
    Zhao D, Traore I, Sayed B, Lu W, Saad S, Ghorbani A et al (2013) Botnet detection based on traffic behavior analysis and flow intervals. J Comput Secur 39:2–16CrossRefGoogle Scholar
  44. 44.
    Al-Jarrah OY, Alhussein O, Yoo PD, Muhaidat S, Taha K, Kim K (2016) Data randomization and cluster-based partitioning for botnet intrusion detection. IEEE Trans Cybern 46(8):1796–1806CrossRefGoogle Scholar
  45. 45.
    Meidan Y, Bohadana M, Mathov Y, Mirsky Y, Shabtai A, Breitenbacher D, Elovici Y (2018) N-BaIoT—network-based detection of IoT botnet attacks using deep autoencoders. IEEE Pervasive Comput 17(3):12–22CrossRefGoogle Scholar
  46. 46.
    Gopal TS, Meerolla M, Jyostna G, Eswari PRL, Magesh E (2018) Mitigating Mirai malware spreading in IoT environment. In: 2018 International Conference on Advances in Computing, Communications and Informatics (ICACCI), pp 2226–2230Google Scholar
  47. 47.
    Habibi J, Midi D, Mudgerikar A, Bertino E (2017) Heimdall: mitigating the internet of insecure things. IEEE Internet Things J 4(4):968–978CrossRefGoogle Scholar
  48. 48.
    Zeidanloo HR, Shooshtari MJZ, Amoli PV, Safari M, Zamani M (2010) A taxonomy of botnet detection techniques. In: IEEEGoogle Scholar
  49. 49.
    Anirudh M, Thileeban SA, Nallathambi DJ (2017) Use of honeypots for mitigating DoS attacks targeted on IoT networks. In: 2017 International Conference on Computer, Communication and Signal Processing (ICCCSP), pp 1–4Google Scholar
  50. 50.
    Khattab SM, Sangpachatanaruk C, Mosse D, Melhem R, Znati T (2014) Roaming honeypots for mitigating service-level denial-of-service attacks. In: 34th International Conference on Distributed Computing Systems, 2014. Proceedings. Tokyo, Japan, pp 328–337Google Scholar
  51. 51.
    Provos N (2012) A virtual honeypot framework. In: USENIX Security Symposium, vol 173, pp 1–14Google Scholar
  52. 52.
    Eskandari S, Leoutsarakos A, Mursch T, Clark J (2018) A first look at browser-based cryptojacking. In: 2018 IEEE European Symposium on Security and Privacy Workshops, pp 58–66Google Scholar
  53. 53.
    Zareh A, Zareh A (2018) BotcoinTrap: detection of bitcoin miner botnet using host based approach. In: 2018 15th International ISC (Iranian Society of Cryptology) Conference on Information Security and Cryptology (ISCISC), pp 1–6Google Scholar
  54. 54.
    Carlin D, OrKane P, Sezer S, Burgess J (2018) Detecting cryptomining using dynamic analysis. In: 2018 16th Annual Conference on Privacy, Security and Trust (PST), pp 1–6Google Scholar
  55. 55.
    Hong G, Yang Z, Yang S, Zhang L, Nan Y, Zhang Z, Yang M et al (2018) How you get shot in the back: a systematical study about cryptojacking in the real world. In: 2018 ACM SIGSAC Conference on Computer and Communications Security (CCS’18), pp 15–19Google Scholar
  56. 56.
    Saad M, Khormali A, Mohaisen A (2018) End-to-end analysis of in-browser cryptojacking. arXiv:1809.02152 [cs.CR], pp 1–15
  57. 57.
    Wyke J, Labs S (2012) The zero access botnet–mining and fraud for massive financial gain, pp 1–60Google Scholar

Copyright information

© Springer Science+Business Media, LLC, part of Springer Nature 2019

Authors and Affiliations

  1. 1.Department of Computer TechnologyMadras Institute of Technology - Anna UniversityChennaiIndia

Personalised recommendations