The Internet of Things (IoT) is a transformative advance in the world of the internet. IoT has the potential to make our lifestyles more convenient and our lives simpler. According to Raylin et al. (2014), IoT devices are physical devices that connect to the Internet over traditional telecommunications, have an address, and can search for and communicate with each other. IoT also has a wide range of applications, including smart cities, smart homes, autonomous vehicles, smart traffic and parking control, smart metering and smart grids, industrial control systems, and medical and healthcare systems (Kishore, 2017). One particularly dangerous part of cybercrime is the threat posed by IoT botnets. With the growing number of Internet-enabled devices and the rise of the IoT, cybercrimes such as those carried out by IoT botnets have become a major issue. According to the Spamhaus Malware Lab (2018) report, IoT malware ranked second among the malware found in 2017.
Figure 1.1 The ranking of malware in year 2017 (Spamhaus Malware Lab, 2018)
According to IT security company Kaspersky (Rene Millman, 2017), the amount of malware targeting IoT devices more than doubled in 2016. Of the devices from which the attacks originated, over 63 percent were identified as DVR services or IP cameras, while about 20 percent were network devices and routers from major manufacturers. One percent were Wi-Fi repeaters and other network hardware, TV tuners, VoIP devices, Tor exit nodes, printers and ‘smart home’ devices. Some one in five, meanwhile, could not be identified. According to Antonakakis et al. (2017), IP cameras, routers, DVRs and some other smart internet-connected appliances are at risk of attack. Figure 1.2 shows IoT botnet attacks by country in 2017. Based on the Kaspersky Lab report, South Korea (46.43%) has the highest percentage of IoT botnet attacks, while Canada, Turkey, and Lithuania (1.19% each) have the lowest.
Figure 1.2 IoT botnet attacks by country in year 2017 (Rene, 2017)
In fact, the large number of insecure devices with high computation power makes them an easy and attractive target for attackers seeking to compromise these devices and use them to create large-scale IoT botnets (Elisa et al., 2017). According to Robert (2017), users are often unaware that their system is infected, as infected devices stay idle until they receive commands from their commander to start an attack. A botnet is a group of hijacked Internet-connected devices, each infected with malware that allows an attacker to control it from a remote location without the knowledge of the device’s rightful owner. From the perspective of hackers, these IoT devices are computing resources that can be used for any type of malicious purpose. According to Felix's report, data privacy leaks occur because of the security issues in IoT devices. According to Michael (2017), keeping IoT devices secure costs time and money, but is crucial in many use cases.
Figure 1.3 Users affected by the lack of security in IoT devices (Felix, 2015)
This project focuses on the precipitous rise of the Mirai and Hajime IoT botnets in a growing number of devices. According to Bernard (2017), the Mirai and Hajime IoT botnets are not new. Since as early as 2000, hackers have been using botnets by gaining access to unsecured devices (usually computers then) in order to create these attacks. The main purposes of IoT botnet attacks are spamming, identity theft, information stealing, reputation theft, botnet hosting services, click fraud, manipulating online polls and attacking bank computers (Sorensen, 2017). Some IoT botnets are also operated with worse intent, for example to perform Distributed Denial-of-Service (DDoS) attacks.
1.1 Problem Statement (PS)
The number of malicious programs attacking the IoT more than doubled in 2017. Worldwide, smart devices now number 6 billion, and many of them are vulnerable, making them a juicy prospect for intruders (Kaspersky Lab, 2017). The main problem with IoT devices is security. IoT devices do not have advanced security features, and their users do not change the default device settings, update passwords, or search for updated firmware until after an IoT botnet attack has occurred. Additionally, IoT devices are often designed with poor security or even none at all. The Internet is already very complex to secure, and with an additional 9+ billion insecure IoT devices the task has become more difficult (Kishore, 2017). As IoT devices are often designed to be plugged in and forgotten about, users often do not apply security updates, and it is easy for an attack on such devices to go unnoticed. Besides, machine learning is used to classify normal network flows and those generated by IoT botnets. Machine learning is also used to enhance the accuracy of data analysis for IoT botnets and to make it more scalable. The challenge is to separate and filter the important data from the rest and interpret it in a valuable way (Michael, 2017). According to Swarnamugi et al. (2016), it is impossible for humans to review and understand this data with traditional methods.
Table 1.1: Summary of Problem Statement (PS).
PS | Problem Statement (PS)
PS1 | Lack of security on IoT devices.
PS2 | Machine learning is not efficient for IoT botnet detection.
1.2 Project Question (PQ)
The project questions are important to the success and effectiveness of the project. At the end of this project, the user will know whether each of the questions has been successfully answered. Answering them is also one of the ways of achieving the objectives of this project.
Table 1.2: Summary of Project Question
PS | PQ | Project Question
PS1 | PQ1 | What kinds of IoT botnet attacks can infect the devices, and can all IoT botnet attacks be detected?
PS1 | PQ2 | How will the basic operation and the alert be delivered to the user effectively, and is there any alert notified directly and urgently?
PS2 | PQ3 | How much easier and more effective is detection when machine learning is used?
1.3 Project Objectives (PO)
Table 1.3: Summary of Project Objectives
PS | PQ | PO | Project Objective
PS1 | PQ1 | PO1 | To study possible attacks which are used to infect IoT devices.
PS1 | PQ1; PQ2 | PO2 | To analyze the behavior of IoT botnet attacks based on their basic modes of operation and communication.
PS2 | PQ1, PQ2; PQ3 | PO3 | To measure the best machine learning method for network-based IoT botnet detection.
1.4 Project Scope
The scope of the project is as follows:
• Focusing on the IoT botnets, namely Mirai and Hajime, that exploit devices, which may positively affect user behavior.
• Focusing on IoT botnet attacks.
• This project will use machine learning as a platform to detect IoT botnets.
• This project will also focus on the Linux operating system.
1.5 Expected Output
The goal of this project is to provide machine learning techniques for effective detection of IoT botnet flows with high predictive accuracy. This project also aims to study, understand, analyze and summarize the behavior of IoT botnet attacks using machine learning. Moreover, this project needs to test the machine learning based classification techniques on flow data captured from the Mirai and Hajime botnets only. In addition, this project needs to test the machine learning technique in large-scale network set-ups.
1.6 Thesis Organization
In conclusion, this chapter explains the project background, the targets to be accomplished and the issues that existed before the project began. The topics covered in this chapter, namely the problem statement, project questions, project objectives, project scope and expected output, show that this study aims to propose a new machine learning approach capable of detecting IoT botnets. According to Vladimir et al. (2017), the growing number of IoT botnet programs targeting devices, and the related security incidents, demonstrate how genuine the issues of smart device security are. Besides, this project contributes by identifying specific IoT botnet attacks and their behavior. This project also contributes by showing how machine learning can be used as a simple detection method in a real environment. The next chapter focuses on the literature review, covering the model approach and related work on the IoT botnets that affect unsecured devices, which indirectly makes users aware of how important it is to have advanced security features. Besides, this project proceeds with a comparative analysis of machine learning methods to find the best results, followed by concluding remarks.