Galluscio, Mario, Neshenko, Nataliia, Bou-Hard, Elias, Huang, Yongliang, Ghani, Nasir, Crichigno, Jorge et Kaddoum, Georges.
2017.
« A first empirical look on internet-scale exploitations of IoT devices ».
In IEEE 28th International Symposium on Personal, Indoor and Mobile Radio Communications (PIMRC) (Montreal, QC, Canada, Oct. 8-13, 2017)
Piscataway, NJ, USA : IEEE.
Compte des citations dans Scopus : 16.
Prévisualisation |
PDF
Kaddoum G 2017 16003 A first empirical look on internet-scale.pdf - Version acceptée Licence d'utilisation : Tous les droits réservés aux détenteurs du droit d'auteur. Télécharger (1MB) | Prévisualisation |
Résumé
Technological advances and innovative business models led to the modernization of the cyber-physical concept with the realization of the Internet of Things (IoT). While IoT envisions a plethora of high impact benefits in both, the consumer as well as the control automation markets, unfortunately, security concerns continue to be an afterthought. Several technical challenges impedes addressing such security requirements, including, lack of empirical data related to various IoT devices in addition to the shortage of actionable attack signatures. In this paper, we present what we believe is a first attempt ever to comprehend the severity of IoT maliciousness by empirically characterizing the magnitude of Internet-scale IoT exploitations. We draw upon unique and extensive darknet (passive) data and develop an algorithm to infer unsolicited IoT devices which have been compromised and are attempting to exploit other Internet hosts. We further perform correlations by leveraging active Internet-wide scanning to identify and report on such IoT devices and their hosting environments. The generated results indicate a staggering 11 thousand exploited IoT devices that are currently in the wild. Moreover, the outcome pinpoints that IoT devices embedded deep in operational Cyber-Physical Systems (CPS) such as manufacturing plants and power utilities are the most compromised. We concur that such results highlight the widespread insecurities of the IoT paradigm, while the actionable generated inferences are postulated to be leveraged for prompt mitigation as well as to facilitate IoT forensic investigations using real empirical data.
Type de document: | Compte rendu de conférence |
---|---|
Professeur: | Professeur Kaddoum, Georges |
Affiliation: | Génie électrique |
Date de dépôt: | 28 nov. 2017 16:37 |
Dernière modification: | 22 janv. 2020 19:58 |
URI: | https://espace2.etsmtl.ca/id/eprint/16003 |
Actions (Authentification requise)
Dernière vérification avant le dépôt |