Ruyu Li, Lihua Yin, Yuanfei Zhang, Kexiang Qian, Xi Luo
2023 3rd International Conference on Consumer Electronics and Computer Engineering (ICCECE), published 2023-01-06. DOI: 10.1109/ICCECE58074.2023.10135366 (https://doi.org/10.1109/ICCECE58074.2023.10135366)
FastIoTBot: Identifying IoT Bots by Fast Detecting Anomalous Domain Queries with Long Short-Term Memory Networks
Along with the progression in technology, the Internet of Things (IoT) has developed dramatically in the last ten years. It connects the physical world and the digital world, which makes people's lives more convenient. However, IoT devices have brought great vulnerability to Internet security since they are usually under weak protection, which makes them easy for criminals to exploit to launch multiple attacks. In fact, IoT devices have been a crucial part of botnets that launch horrible Distributed Denial of Service (DDoS) attacks with explosive traffic. Unfortunately, traditional detection work has limited effectiveness against IoT botnets because of the restricted resources of IoT devices and the unprecedented scale of IoT botnets. To mitigate the threat of IoT botnets, in this paper we propose a lightweight system, named FastIoTBot, to discover compromised IoT devices quickly. FastIoTBot can distinguish compromised IoT devices instantly and prevent potential malicious behaviors by examining domain query activities. Specifically, FastIoTBot monitors the DNS queries of a device and generates its NXDOMAIN query sequence. Then, for each domain in the sequence, FastIoTBot takes the domain name string as input and calculates its malicious score using a long short-term memory (LSTM) model. Finally, FastIoTBot identifies compromised IoT devices by analyzing the NXDOMAIN sequences together with the malicious scores of the domains in them, using the threshold random walk (TRW) algorithm. The effectiveness of FastIoTBot is evaluated with real-world DNS data from two large ISP networks. The results show that FastIoTBot performs well, with over 99% accuracy.