MalRec: A Blockchain-based Malware Recovery Framework for Internet of Things

STRICT SociaLab members Prof. Elena Ferrari, Prof. Barbara Carminati, Ahmed Lekssays, and Giorgia Sirigu have published their new paper entitled: “MalRec: A Blockchain-based Malware Recovery Framework for Internet of Things” in the Proceedings of the 17th International Conference on Availability, Reliability and Security (ARES 2022).

The following is the abstract of the new publication:

IoT devices have been considered an attractive target for malware (e.g., botnets) due to their low computational resources and lack of security measures. The literature focuses on detecting malware, but less attention is given to recovery solutions. In addition, with the development of data processing regulations in different countries, a need for transparent recovery systems that can help organizations present their due diligence arises. This work proposes a blockchain-based backup policy enforcement framework for IoT where an organization can formalize backup policies and enforce them. We have run our solution under extensive tests that show that it can be deployed in real-life IoT environments, despite the limited computational resources of IoT devices.

PAutoBotCatcher: A blockchain-based privacy-preserving botnet detector for Internet of Things

STRICT SociaLab members Prof. Elena Ferrari, Prof. Barbara Carminati, and Ahmed Lekssays have published their new paper entitled: “PAutoBotCatcher: A blockchain-based privacy-preserving botnet detector for Internet of Things” in the journal Computer Networks.

The following is the abstract of the new publication:

Botnets have become a major threat in the Internet of Things (IoT) landscape, due to the damages that these sets of compromised IoT devices may cause. To increase their attacks’ success, modern botnets are designed in a distributed manner, following a P2P structure. Recently, several botnet detection solutions have been proposed. Among them, community behavior analysis solutions seem to be promising because of their high detection accuracy. However, such solutions are not optimized for real-life scenarios since they only run in a static mode, that is, reading all network traffic at once. As such, they do not support real-time data analysis. In order to handle such an issue, these solutions should run in a dynamic distributed environment where different actors participate in the detection process. However, this collaborative environment brings up the issue of trust among the actors.

To address this issue, in this paper, we present PAutoBotCatcher, a dynamic botnet detection framework based on community behavior analysis among peers managed by different actors. PAutoBotCatcher leverages blockchain to ensure immutability and transparency among all actors. To optimize continuous detection while keeping good accuracy, we design a set of optimization techniques, such as caching detection’s output and pre-processing the shared network traffic. In addition, we leverage different privacy-preserving techniques to protect devices from re-identification during the botnet detection process. We have extensively tested our solution to show its effectiveness and to demonstrate that blockchain is a good solution for dynamic botnet detection.

LiMNet: Early-Stage Detection of IoT Botnets with Lightweight Memory Networks

STRICT SociaLab members Prof. Elena Ferrari, Prof. Barbara Carminati, and Ahmed Lekssays have published their new paper entitled: “LiMNet: Early-Stage Detection of IoT Botnets with Lightweight Memory Networks” at ESORICS 2021, in collaboration with Dr. Šarūnas Girdzijauskas and Lodovico Giaretta from KTH Institute of Technology in Stockholm, Sweden, within the framework of the RAIS project.

The following is the abstract of the new publication:

IoT devices have been growing exponentially in the last few years. This growth makes them an attractive target for attackers due to their low computational power and limited security features. Attackers use IoT botnets as an instrument to perform DDoS attacks which caused major disruptions of Internet services in the last decade. While many works have tackled the task of detecting botnet attacks, only a few have considered early-stage detection of these botnets during their propagation phase.

While previous approaches analyze each network packet individually to predict its maliciousness, we propose a novel deep learning model called LiMNet (Lightweight Memory Network), which uses an internal memory component to capture the behaviour of each IoT device over time. This memory incorporates both packet features and behaviour of the peer devices. With this information, LiMNet achieves almost maximum AUROC classification scores, between 98.8% and 99.7%, with a 14% improvement over state of the art. LiMNet is also lightweight, performing inference almost 8 times faster than previous approaches.