In recent years, emerging technologies such as the Internet of Things (IoT) have gained increasing interest in various communities. However, the majority of IoT devices have little or no protection at the software and infrastructure levels, and thus open up new vulnerabilities that cybercriminals might misuse to perform large-scale cyber attacks by means of IoT botnets. These kinds of attacks lead to infrastructure and service outages and cause enormous financial loss as well as image and reputation damage. One approach to proactively block the spreading of such IoT botnets is to automatically scan for vulnerable IoT devices and isolate them from the Internet before they are compromised and become part of an IoT botnet. The goal of this paper is to present an IoT botnet detection and isolation approach at the level of access routers that makes IoT devices more attack resilient. We show that our IoT botnet detection and isolation approach helps to prevent the compromise of IoT devices without the need for in-depth technical administration knowledge, which makes it viable for customers and end users.
Recommended citation: C. Dietz, R. Labaca-Castro, J. Steinberger, C. Wilczak, M. Antzek, A. Sperotto, A. Pras: IoT-Botnet Detection and Isolation by Access Routers. 9th International Conference on the Network of the Future (NoF), Poznan, Poland, November 2018.