Fauthesis Sample File
Total Page:16
File Type:pdf, Size:1020Kb
A NETWORK TELESCOPE APPROACH FOR INFERRING AND CHARACTERIZING IOT EXPLOITATIONS by Nataliia Neshenko AThesisSubmittedtotheFacultyof The College of Engenireeng & Computer Science In Partial Fulfillment of the Requirements for the Degree of Master of Science Florida Atlantic University Boca Raton, FL August 2018 Copyright 2018 by Nataliia Neshenko ii ACKNOWLEDGEMENTS Iwouldliketoexpressmysinceregratitudetoeverypersonwhowasapartof my academic journey for all the support they have given me during this time. It has been honor and pleasure to work with my thesis advisor and mentor Dr. Bou-Harb, who certainly made a profound impact on my future career. His guidance had helped me navigate through the endless ocean of information and form solid knowledge in this field. His critical feedback had sharpened my ability to challenge every part of my work to produce an outcome that I can be proud of. By being an outstanding mentor, he had inspired me to soar above a level that seems to be impossible and had taught me how to encourage people to discover their potential and shape themselves. I would like to express my deep gratitude in advance to the committee members for their constructive feedback and valuable comments. This journey would not be possible without people who had shared with me the treasure of their knowledge. Dr. Mihaela Cardei, Dr. Eduardo Fernandez, Dr. Shihong Huang, Dr. Taghi Khoshgoftaar, Dr. Mehrdad Nojoumian, Dr. Dingding Wang, and Dr. KwangSoo Yang had been fantastic teachers who had given me a lot of things to think about besides homework, who had taught me to ask questions that unlock my passion for learning and exploring. I would like to thank my Lab mates Mario Galluscio, Yongliang Huang, Eric Oster, Morteza Safaei Pour, Martin Husak, Kurt Friday, and Dominic Cassisa for their endless support and infectious enthusiasm. I wish them to be in love with everything they are doing and to achieve the results that are worthy of recognition. My academic life would not be so delightful without a cheerful character of Dr. iv Borko Furht, Jean Mangiaracina, and Dr. Mirjana Pavlovic, whose infinite kindness and care had touched every corner of my heart and had taught me how to be a warmhearted person. My exceptional gratitude goes to my family, who had created the memorable moments for me so that I could sense the world outside of academia. I am grateful that they had seen the world with my eyes and support me in my endeavors. v ABSTRACT Author: Nataliia Neshenko Title: A Network Telescope Approach for Inferring and Characterizing IoT Exploitations Institution: Florida Atlantic University Thesis Advisor: Dr. Elias Bou-Harb Degree: Master of Science Year: 2018 While the seamless interconnection of IoT devices with the physical realm is envisioned to bring a plethora of critical improvements on many aspects and in diverse domains, it will undoubtedly pave the way for attackers that will target and exploit such devices, threatening the integrity of their data and the reliability of critical infrastructure. The aim of this thesis is to generate cyber threat intelligence related to Internet-scale inference and evaluation of malicious activities generated by compromised IoT devices to facilitate prompt detection, mitigation and prevention of IoT exploitation. In this context, we initially provide a unique taxonomy, which sheds the light on IoT vulnerabilities from five di↵erent perspectives. Subsequently, we address the task of inference and characterization of IoT maliciousness by leveraging active and passive measurements. To support large-scale empirical data analytics in the context of IoT, we made available corresponding raw data through an authenticated platform. vi I dedicate this thesis to my loving family that is my endless source of inspiration. A NETWORK TELESCOPE APPROACH FOR INFERRING AND CHARACTERIZING IOT EXPLOITATIONS List of Tables .............................. x List of Figures ............................. xi 1 Introduction .............................. 1 1.1 Context and Motivation ......................... 2 1.2 Objectives and Contributions ...................... 4 1.3 Thesis Outcomes ............................. 6 1.4 Organization ............................... 7 2 Demystifying IoT Security: An Exhaustive Survey on IoT Vulner- abilities ................................. 8 2.1 Related Surveys .............................. 9 2.2 Methodology ............................... 15 2.3 IoT Vulnerabilities ............................ 17 2.4 Taxonomy of IoT Vulnerabilities: Layers, Impacts, Attacks, Remedia- tion and Situational Awareness Capabilities .............. 20 2.4.1 Taxonomy Overview ....................... 20 2.4.2 Layers ............................... 23 2.4.3 Security Impact .......................... 30 2.4.4 Attacks .............................. 36 2.4.5 Remediation ............................ 47 2.4.6 Situational Awareness Capabilities ............... 58 viii 3 Inferring IoT Maliciousness ...................... 72 3.1 Proposed Approach ............................ 72 3.1.1 Exploiting Darknet Data ..................... 73 3.1.2 Probing Inference ......................... 75 3.1.3 Correlation with Active Measurements ............. 76 3.1.4 Generating IoT-Specific Malicious Signatures .......... 78 3.2 Empirical Evaluation ........................... 79 3.2.1 First Emeprical Look on Internet-scale Exploitation of IoT Devices .............................. 80 3.2.2 Characterization and Signature Generation ........... 83 3.2.3 A Closer Look into Hosting Environment ............ 87 4 Generating and Sharing IoT-centric Cyber Threat Intelligence .93 4.1 Server Core Function ........................... 94 4.1.1 Data Aggregation Module .................... 94 4.1.2 Data Processing Module ..................... 96 4.1.3 Auxiliary Functions ........................ 96 4.2 Client-side Core Components ...................... 97 4.3 Performance Evaluation ......................... 100 4.3.1 Working Environment ...................... 100 4.3.2 Processing Time Evaluation ................... 101 4.3.3 Optimization ........................... 102 5 Concluding Remarks and Future Perspectives ........... 103 5.1 Challenges and Future Perspective ................... 104 Bibliography .............................. 109 ix LIST OF TABLES 2.1 A classification of reviewed surveys on IoT ............... 14 2.2 Summary of KMS implementation barriers ............... 25 2.3 E↵ect of various security mechanisms on energy consumption ..... 26 2.4 IoT vulnerabilities at di↵erent architectural layers ........... 29 2.5 Security impact of IoT vulnerabilities .................. 35 2.6 Attacks targeting IoT paradigm ..................... 46 2.7 Summary of remediation strategies ................... 57 2.8 IoT security situational awareness capabilities ............. 69 2.9 Intrusion detection techniques deployed in IoT environments ..... 70 3.1 IoT devices related to various CPS deployments ............ 80 3.2 Signatures for fingerprinting unsolicited IoT devices .......... 87 3.3 Number of infected IoT devices and scanning activities by country .. 90 3.4 Top ISPs hosting the most IoT exploitations .............. 91 3.5 Number of IoT DDoS victims and attacks by country ......... 91 3.6 Top 4 ISPs hosting IoT DDoS victims in China ............ 92 3.7 ISPs hosting IoT DDoS victims in countries with the highest number of IoT exploitations ............................ 92 x LIST OF FIGURES 1.1 IoT’s penetration into contemporary life ................ 2 2.1 Distribution of analyzed IoT research works by year .......... 16 2.2 A categorization of IoT vulnerabilities ................. 22 2.3 Malware which exploit (IoT) default user credentials ......... 27 2.4 Mirai attack process ........................... 37 2.5 Stages of firmware modification attack ................. 40 2.6 Node capturing attack phases ...................... 43 3.1 Inferring and mitigating Internet-scale unsolicited IoT devices: a net- work telescope approach ......................... 73 3.2 Network telescopes capturing Internet-scale IoT unsolicited traffic .. 74 3.3 Distribution of IoT devices deployed in consumer and CPS realms .. 81 3.4 Distribution of exploited IoT devices deployed in consumer and CPS realms ................................... 81 3.5 Internet-scale distribution of exploited IoT devices deployed in CPS realms ................................... 82 3.6 Top 6 ISPs hosting compromised IoT devices in CPS realms .... 83 3.7 Distribution of investigated IoT devices by type ............ 84 3.8 Distribution of exploited IoT devices .................. 85 3.9 Global distribution of exploited IoT devices .............. 86 3.10 IoT devices: global exploitations and DoS victims ........... 88 3.11 Exploitations/victims by business sectors ................ 89 4.1 Framework of the Siot platform for inferring and characterizing Internet- scale exploitations ............................. 93 xi 4.2 Components of the Siot platform for inferring and characterizing Internet-scale exploitations ........................ 95 4.3 A screenshot of the central dashboard .................. 98 4.4 A screnshot of country exploitation index dashboard ......... 99 4.5 A detailing dashboard perspective on the country exploitation index . 99 4.6 A screenshot of business sectors exploitation index dashboard .... 100 4.7 Elapsed time related to the inferrence and characterization of unsolicited IoT devices ................................ 101 xii CHAPTER 1 INTRODUCTION The conception of the prominent