Citation
Ibrahim, Mohammed (2021) Contact tracing strategy to isolate infectious bots in mitigating IoT botnet propagation and preserve object of forensic interest. Doctoral thesis, Universiti Putra Malaysia.
Abstract
The emergence of Internet of Things (IoT) can facilitate and revolutionize various
aspects of people’s lives. However, most IoT devices are vulnerable to botnet attacks.
To defend these devices against botnet attacks, the first approach is to detect the
transmission rate of the botnet infection based on the impact of network or bot’s
parameters. The second approach is to mitigate the size of the botnet infection by
limiting the impact of the attack. The third approach is to ensure that other nodes interacting
with the existing bots are not infected. Notably, contact tracing strategy as
an epidemic concept detects the impact of the infectious bots and isolates them from
the network, thus minimizing the size of the botnet attack. Motivated by these, this
thesis is aimed at overcoming three research gaps in line with defending IoT-WSN
against botnet attack using contact tracing strategy.

In the abandon stage of the botnet life cycle, bots’ memory efficiency affects the
botmaster’s decision to select or abandon the infectious bots for onward propagation
of the attack. However, from the existing literature no work has actually studied
the impact of memory-efficient bots on IoT botnet transmission rate. Hence, the
first contribution in this thesis conceptualizes botmaster behavior with respect to the
bots’ memory availability. In this context, an abandoned class is introduced into the
epidemic model by defining an abandon rate which prioritizes the memory-efficient
bots during propagation. This model detects the impact of memory-efficient bots on
the transmission rate of the botnet infection (which is generally unknown). Results
from simulations show that the transmission rate of the botnet infection increases by
25.31% to 26.9% as the botmaster exploits the memory-efficient bots.

In the absence of an effective vaccine to mitigate malware propagation, contact tracing
strategy is deployed to isolate the infectious nodes in order to minimize their
impact on the attack. However, available literature shows that immunization and
patching methods are predominantly used to limit the size of the IoT botnet infection.
These methods are considered ineffective as the bots often update with new
exploits that make the recovered devices vulnerable to the same attack. In this thesis,
contact tracing strategy has been adopted in mitigating IoT botnet propagation
such that infectious bots are transferred to the forensic class. To achieve this, an isolation
parameter based on a sensor node sleeping rate transforms the infectious bots
into an inactive mode. Results obtained from simulations show that there is a 25.67%
decrease in the botnet infection peak value, a 2-hour delay in the infection peak period
and a 33.33% delay in the propagation time.

Similarly, with the transfer of infectious bots to the forensic class, preserving these
nodes remains a challenge due to autonomous interactions and packet collisions.
Motivated by the concept of quarantine, the third contribution in this thesis quarantines
the infectious bots by deriving a model that associates a safe-carrier sensing
power threshold to the forensic class which minimizes packet collision. Consequently,
the result shows that 66.67% of forensic nodes are preserved in the IoT platform.