An Automated and Comprehensive Framework for IoT Botnet Detection and Analysis (IoT-BDA)

The proliferation of insecure Internet-connected devices gave rise to the IoT botnets which can grow very large rapidly and may perform high-impact cyber-attacks. related studies for tackling are concerned with either capturing or analyzing botnet samples, using honeypots sandboxes, respectively. lack integration between two implies that samples captured by must be manually submitted analysis in introducing a delay during change its operation. Furthermore, effectiveness proposed sandboxes is limited potential use anti-analysis techniques inability identify features effective detection identification botnets. In this paper, we propose evaluate novel framework, IoT-BDA automated capturing, analysis, identification, reporting framework consists integrated sandbox supports wider range hardware software configurations, indicators compromise attack, along anti-analysis, persistence, anti-forensics techniques. These make infection remedy more effective. reports findings blacklist abuse service facilitate suspension. paper also describes discovered anti-honeypot measures applied reduce risk honeypot detection. Over period seven months, captured, analyzed, reported 4077 unique samples. results show some used typically seen traditional