The number of IoT devices has grown drastically in the last decade because of their usefulness in many industrial applications, increasing from 13.4 billion in 2015 to 38.5 billion in 2020 (285%).
Due to this growth, IoT devices have become an attractive target for attackers to perform various attacks, such as DDoS (Distributed Denial of Service). IoT devices are considered the weakest link in companies’ security chain since they are usually not well tested or secured against cyber attacks, for example because of weak passwords and unencrypted network services. In addition, they have too little computational power to run sophisticated security solutions. As a result, attackers can easily inject malicious software (malware) into IoT devices to take control of them or steal private information.

In this project, we focus on malware threats and leverage the NIST SP 800-83 Malware Incident Prevention and Handling guidelines, one of the leading guidelines in malware incident response. NIST SP 800-83 has four phases: preparation, detection, containment and eradication, and recovery. The preparation phase is mainly for raising awareness about malware threats in companies, so it is out of scope for this dissertation. More precisely, in this dissertation, we focus on the last three phases of NIST SP 800-83: detection, containment, and recovery.

Additionally, we focus on collaboratively mitigating malware attacks since IoT networks are heterogeneous and involve several organizations. Thus, it is important that the malware incident response process is collaborative and based on threat information sharing. Since this collaborative process can involve several organizations that do not trust each other, an effective framework for detecting, containing, and recovering from malware attacks is needed to ensure traceability and integrity of the shared threat information and the implemented mitigation actions.

This dissertation proposes a generic framework based on NIST SP 800-83 guidelines that leverages blockchain. We leverage blockchain to ensure the correct execution of NIST SP 800-83 guidelines and so address the weak trust relationships that might hold among the involved organizations. In addition, blockchain offers smart contracts, which are autonomously executed programs in which custom logic can be encoded. Blockchain guarantees that the encoded logic was executed correctly. In this way, it ensures the accountability, integrity, and immutability of the shared data and the execution of smart contracts.

The work in this dissertation has received funding from the European Union’s Horizon 2020 research and innovation programme under the Marie Skłodowska-Curie grant agreement No 813162. The content of this work reflects the views only of its author(s). The European Commission/Research Executive Agency are not responsible for any use that may be made of the information it contains.

Publications
  1. Lekssays, A., Landa, L., Carminati, B., & Ferrari, E. (2021). PAutoBotCatcher: A blockchain-based privacy-preserving botnet detector for Internet of Things. Computer Networks, 200, 108512.
  2. Giaretta, L., Lekssays, A., Carminati, B., Ferrari, E., & Girdzijauskas, Š. (2021, October). LiMNet: Early-Stage Detection of IoT Botnets with Lightweight Memory Networks. In European Symposium on Research in Computer Security (pp. 605-625). Springer, Cham.
  3. Lekssays, A., Sirigu, G., Carminati, B., & Ferrari, E. (2022, August). MalRec: A Blockchain-based Malware Recovery Framework for Internet of Things. In Proceedings of the 17th International Conference on Availability, Reliability and Security (pp. 1-8).