Skip to main content

PAutoBotCatcher: A blockchain-based privacy-preserving botnet detector for Internet of Things

STRICT SociaLab members Prof. Elena Ferrari, Prof. Barbara Carminati, and Ahmed Lekssays have published their new paper entitled: “PAutoBotCatcher: A blockchain-based privacy-preserving botnet detector for Internet of Things” at Computer Networks journal.

The following is the abstract of the new publication:

Botnets have become a major threat in the Internet of Things (IoT) landscape, due to the damages that these sets of compromised IoT devices may cause. To increase their attacks’ success, modern botnets are designed in a distributed manner, following a P2P structure. Recently, several botnet detection solutions have been proposed. Among them, community behavior analysis solutions seem to be promising because of their high detection accuracy. However, such solutions are not optimized for real life scenarios since they only run in a static mode, that is, reading all network traffic at once. As such, they do not support real-time data analysis. In order to handle such issue, these solutions should run in a dynamic distributed environment where different actors participate in the detection process. However, this collaborative environment brings up the issue of trust among the actors.

To address this issue, in this paper, we present PAutoBotCatcher, a dynamic botnet detection framework based on community behavior analysis among peers managed by different actors. PAutoBotCatcher leverages on blockchain to ensure immutability and transparency among all actors. To optimize continuous detection while keeping good accuracy, we design a set of optimization techniques, such as caching detection’s output and pre-processing the shared network traffic. In addition, we leverage on different privacy-preserving techniques to protect devices from re-identification during the botnet detection process. We have extensively tested our solution to show its effectiveness and to demonstrate that blockchain is a good solution for dynamic botnet detection.

LiMNet: Early-Stage Detection of IoT Botnets with Lightweight Memory Networks

STRICT SociaLab members Prof. Elena Ferrari, Prof. Barbara Carminati, and Ahmed Lekssays have published their new paper entitled: “LiMNet: Early-Stage Detection of IoT Botnets with Lightweight Memory Networks” at ESORICS 2021 with a collaboration with Dr. Šarūnas Girdzijauskas and Lodovico Giaretta from KTH Institute of Technology in Stockholm, Sweden in the framework of the RAIS project.

The following is the abstract of the new publication:

IoT devices have been growing exponentially in the last few years. This growth makes them an attractive target for attackers due to their low computational power and limited security features. Attackers use IoT botnets as an instrument to perform DDoS attacks which caused major disruptions of Internet services in the last decade. While many works have tackled the task of detecting botnet attacks, only a few have considered early-stage detection of these botnets during their propagation phase.

While previous approaches analyze each network packet individually to predict its maliciousness, we propose a novel deep learning model called LiMNet (Lightweight Memory Network), which uses an internal memory component to capture the behaviour of each IoT device over time. This memory incorporates both packet features and behaviour of the peer devices. With this information, LiMNet achieves almost maximum AUROC classification scores, between 98.8% and 99.7%, with a 14% improvement over state of the art. LiMNet is also lightweight, performing inference almost 8 times faster than previous approaches.