Collective Responsibility and Mutual Coercion in IoT Botnets - A Tragedy of the Commons Problem

Carolina Adaros Boye, Paul Kearney, Mark Josephs

Abstract

In recent years, several cases of DDoS attacks using IoT botnets have been reported, including the largest DDoS known, caused by the malware Mirai in 2016. The infection of the IoT devices could have been prevented with basic security hygiene, but as the actors responsible to apply these preventative measures are not the main target but just “enablers” of the attack their incentive is little. In most cases they will even be unaware of the situation. Internet, as a common and shared space allows also some costs to be absorbed by the community rather than being a direct consequence suffered by those that behave insecurely. This paper analyses the long term effects of the prevalence of a system where individual decision-making systematically causes net harm. An analogy with “the tragedy of the commons” problem is done under the understanding that rational individuals seek the maximization of their own utility, even when this damages shared resources. Four areas of solution are proposed based on the review of this problem in different contexts. It was found necessary to include non-technical solutions and consider human behaviour. This opens a discussion about a multidisciplinary focus in IoT cyber security.

Download


Paper Citation


in Harvard Style

Boye C., Kearney P. and Josephs M. (2018). Collective Responsibility and Mutual Coercion in IoT Botnets - A Tragedy of the Commons Problem.In Proceedings of the 15th International Joint Conference on e-Business and Telecommunications - Volume 2: BASS, ISBN 978-989-758-319-3, pages 470-480. DOI: 10.5220/0006944704700480


in Bibtex Style

@conference{bass18,
author={Carolina Adaros Boye and Paul Kearney and Mark Josephs},
title={Collective Responsibility and Mutual Coercion in IoT Botnets - A Tragedy of the Commons Problem},
booktitle={Proceedings of the 15th International Joint Conference on e-Business and Telecommunications - Volume 2: BASS,},
year={2018},
pages={470-480},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0006944704700480},
isbn={978-989-758-319-3},
}


in EndNote Style

TY - CONF

JO - Proceedings of the 15th International Joint Conference on e-Business and Telecommunications - Volume 2: BASS,
TI - Collective Responsibility and Mutual Coercion in IoT Botnets - A Tragedy of the Commons Problem
SN - 978-989-758-319-3
AU - Boye C.
AU - Kearney P.
AU - Josephs M.
PY - 2018
SP - 470
EP - 480
DO - 10.5220/0006944704700480