IoDDoS — The Internet of Distributed Denial of Service Attacks - A Case Study of the Mirai Malware and IoT-Based Botnets

Roger Hallman, Josiah Bryan, Geancarlo Palavicini, Joseph Divita, Jose Romero-Mariona


The Internet of Things (IoT), a platform and phenomenon allowing everything to process information and communicate data, is populated by ‘things’ which are introducing a multitude of new security vulnerabilities to the cyber-ecosystem. These vulnerable ‘things’ typically lack the ability to support security technologies due to the required lightweightness and a rush to market. There have recently been several high-profile Distributed Denial of Service (DDoS) attacks which utilized a botnet army of IoT devices. We first discuss challenges to cybersecurity in the IoT environment. We then examine the use of IoT botnets, the characteristics of the IoT cyber ecosystem that make it vulnerable to botnets, and make a deep dive into the recently discovered IoT-based Mirai botnet malware. Finally, we consider options to mitigate the risk of IoT devices being conscripted into a botnet army.


  1. Amiri, I. S. and Soltanian, M. R. K. (2015). Theoretical and Experimental Methods for Defending Against DDoS Attacks. Syngress.
  2. Beel, J. and Prasad, R. (2016). Internet of everything (ioe): Information technology (it) and operational technology (ot). In Proceedings of the 2016 Advanced Machinery Technology Symposium. American Society of Naval Engineers.
  3. Bertino, E. and Islam, N. (2017). Botnets and internet of things security. Computer, 50(2):76-79.
  4. Boyer, S. A. (2009). SCADA: supervisory control and data acquisition. International Society of Automation.
  5. Boyle, P. (2000). Idfaq: Distributed denial of service attack tools: trinoo and wintrinoo. Available at faq/distributed-denial-of-service-attack-t ools-trinooand-wintrinoo/9/10 (2016/11/01).
  6. Cruz, T., Queiroz, R., Sim o˜es, P., and Monteiro, E. (2016). Security implications of scada ics virtualization: survey and future trends. In ECCWS2016-Proceedings fo the 15th European Conference on Cyber Warfare and Security, page 74. Academic Conferences and publishing limited.
  7. Dr.Web (2016). Investigation linux.mirai trojan family. Available 016/september/Investigation of Linux.Mirai jan family en.pdf (2017/02/21).
  8. Gasti, P., Tsudik, G., Uzun, E., and Zhang, L. (2012). Dos & ddos in named-data networking. arxive-prints. Technical report, Tech Rep 1208.0952 v2.
  9. Gayatri, V. and Naidu, K. K. (2015). Resource depletion attacks in wireless ad-hoc sensor networks. International Journal of Innovative Research in Computer and Communication Engineering, 3(6):81-86.
  10. Gubbi, J., Buyya, R., Marusic, S., and Palaniswami, M. (2013). Internet of Things (IoT): A vision, architectural elements, and future directions. Future Generation Computer Systems, 29(7):1645-1660.
  11. Hachem, N., Mustapha, Y. B., Granadillo, G. G., and Debar, H. (2011). Botnets: lifecycle and taxonomy. In Network and Information Systems Security (SAR-SSI), 2011 Conference on, pages 1-8. IEEE.
  12. Holm, E. (2016). The role of the refrigerator in identity crime? Cyber-Security and Digital Forensics, page 1.
  13. Khan, R., Maynard, P., McLaughlin, K., Laverty, D., and Sezer, S. (2016). Threat analysis of blackenergy malware for synchrophasor based real-time control and monitoring in smart grid.
  14. Khattak, S., Ramay, N. R., Khan, K. R., Syed, A. A., and Khayam, S. A. (2014). A taxonomy of botnet behavior, detection, and defense. IEEE communications surveys & tutorials, 16(2):898-924.
  15. Krebs, B. (2016a). Did the mirai botnet really take liberia offline? Available at e-miraibotnet-really-take-liberia-offline / (2017/02/21).
  16. Krebs, B. (2016b). Krebsonsecurity hit with record ddos. Available at nsecurity-hit-with-record-ddos/ (2016/09/22).
  17. Lee, R. M., Assante, M. J., and Conway, T. (2016). Analysis of the cyber attack on the ukrainian power grid. SANS Industrial Control Systems.
  18. Lin, K.-C., Chen, S.-Y., and Hung, J. C. (2014). Botnet detection using support vector machines with artificial fish swarm algorithm. Journal of Applied Mathematics, 2014.
  19. Loshin, P. (2016). Details emerging on dyn dns ddos attack, mirai iot botnet. Available at 450401962/Details-emerging-on-Dyn-DNS-DDoS -attack-Mirai-IoT-botnet (2016/11/01).
  20. Mirai (2016). Github: Mirai source code. Available at ode (2017/02/22).
  21. Moffitt, T. (2016). Source code for mirai iot malware released. Available at urcecode-mirai-iot-malware-released/ (2016/11/01).
  22. Nazario, J. (2007). Blackenergy ddos bot analysis. Arbor.
  23. Nazario, J. (2009). Politically motivated denial of service attacks. The Virtual Battlefield: Perspectives on Cyber Warfare, pages 163-181.
  24. Newman, L. H. (2016). What we know about friday's massive east coast internet outage. Available at ageddos-dns-dyn/ (2016/10/21).
  25. Okafor, K., Okoye, J. A., and Ononiwu, G. (2016). Vulnerability bandwidth depletion attack on distributed cloud computing network: A qos perspective. International Journal of Computer Applications, 138(7):18-30.
  26. Pultarova, T. (2016a). Cyber security-ukraine grid hack is wake-up call for network operators [news briefing]. Engineering & Technology, 11(1):12-13.
  27. Pultarova, T. (2016b). Webcam hack shows vulnerability of connected devices. Engineering & Technology, 11(11):10-10.
  28. Ragan, S. (2016). Some thoughts on the krebs situation: Akamai made a painful business call. Available at ecurity/so me-thoughts-on-the-krebs-situat ml (2016/11/07).
  29. Romero-Mariona, J., Hallman, R., Kline, M., Miguel, J. S., Major, M., and Kerr, L. (2016). Security in the industrial internet of things - the c-sec approach. In Proceedings of the International Conference on Internet of Things and Big Data - Volume 1: IoTBD,, pages 421-428.
  30. Santanna, J. J., van Rijswijk-Deij, R., Hofstede, R., Sperotto, A., Wierbosch, M., Granville, L. Z., and Pras, A. (2015). Booters-an analysis of ddos-as-a-service attacks. In Integrated Network Management (IM), 2015 IFIP/IEEE International Symposium on, pages 243- 251. IEEE.
  31. Singh, S. and Gyanchandani, M. (2010). Analysis of botnet behavior using queuing theory. International Journal of Computer Science & Communication, 1(2):239- 241.
  32. Sivaraman, V., Chan, D., Earl, D., and Boreli, R. (2016). Smart-phones attacking smart-homes. In Proceedings of the 9th ACM Conference on Security & Privacy in Wireless and Mobile Networks, pages 195-200. ACM.
  33. Sivaraman, V., Gharakheili, H. H., Vishwanath, A., Boreli, R., and Mehani, O. (2015). Network-level security and privacy control for smart-home iot devices. In Wireless and Mobile Computing, Networking and Communications (WiMob), 2015 IEEE 11th International Conference on, pages 163-167. IEEE.
  34. Specht, S. M. and Lee, R. B. (2004). Distributed denial of service: Taxonomies of attacks, tools, and countermeasures. In ISCA PDCS, pages 543-550.
  35. Stankovic, J. A. (2014). Research directions for the internet of things. IEEE Internet of Things Journal, 1(1):3-9.
  36. Symantec (2016). Symantec security response: Iot devices being increasingly used for ddos attacks. Available at -devices-being-increasingly-used-ddos-atta cks (2016/11/07).
  37. Thierer, A. and Castillo, A. (2015). Projecting the growth and economic impact of the internet of things. George Mason University, Mercatus Center, June, 15.
  38. US-CERT (2016). Alert (ta16-288a): Heightened ddos threat posed by mirai and other botnets. Available at 88A (2016/10/17).
  39. Voas, J. (2016). Networks of 'things'. NIST Special Publication, 800:183.
  40. Woolf, N. (2016). Ddos attack that disrupted internet was largest of its kind in history, experts say. Available at 6/oct/26/ddos-attack-dyn-mirai-botnet (2016/10/22).
  41. Zeifman, I., Bekerman, D., and Herzberg, B. (2016). Breaking down mirai: An iot ddos botnet analysis. Available at lysis-mirai-ddos-botnet.html (2016/11/01).
  42. Zhu, Z., Lu, G., Chen, Y., Fu, Z. J., Roberts, P., and Han, K. (2008). Botnet research survey. In 2008 32nd Annual IEEE International Computer Software and Applications Conference, pages 967-972. IEEE.

Paper Citation

in Harvard Style

Hallman R., Bryan J., Palavicini G., Divita J. and Romero-Mariona J. (2017). IoDDoS — The Internet of Distributed Denial of Service Attacks - A Case Study of the Mirai Malware and IoT-Based Botnets . In Proceedings of the 2nd International Conference on Internet of Things, Big Data and Security - Volume 1: IoTBDS, ISBN 978-989-758-245-5, pages 47-58. DOI: 10.5220/0006246600470058

in Bibtex Style

author={Roger Hallman and Josiah Bryan and Geancarlo Palavicini and Joseph Divita and Jose Romero-Mariona},
title={IoDDoS — The Internet of Distributed Denial of Service Attacks - A Case Study of the Mirai Malware and IoT-Based Botnets},
booktitle={Proceedings of the 2nd International Conference on Internet of Things, Big Data and Security - Volume 1: IoTBDS,},

in EndNote Style

JO - Proceedings of the 2nd International Conference on Internet of Things, Big Data and Security - Volume 1: IoTBDS,
TI - IoDDoS — The Internet of Distributed Denial of Service Attacks - A Case Study of the Mirai Malware and IoT-Based Botnets
SN - 978-989-758-245-5
AU - Hallman R.
AU - Bryan J.
AU - Palavicini G.
AU - Divita J.
AU - Romero-Mariona J.
PY - 2017
SP - 47
EP - 58
DO - 10.5220/0006246600470058