Gokhan Sagirlar

Gokhan Sagirlar, Barbara Carminati, Elena Ferrari

In general, a botnet is a collection of compromised internet computers, controlled by attackers for malicious purposes. To increase attacks' success chance and resilience against defence mechanisms, modern botnets have often a decentralized P2P structure. Here, IoT devices are playing a critical role, becoming one of the major tools for malicious parties to perform attacks. Notable examples are DDoS attacks on Krebs on Security and DYN, which have been performed by IoT devices part of botnets. We take a first step towards detecting P2P botnets in IoT, by proposing AutoBotCatcher, whose design is driven by the consideration that bots of the same botnet frequently communicate with each other and form communities. As such, the purpose of AutoBotCatcher is to dynamically analyze communities of IoT devices, formed according to their network traffic flows, to detect botnets. AutoBotCatcher exploits a permissioned Byzantine Fault Tolerant (BFT) blockchain, as a state transition machine that allows collaboration of a set of pre-identified parties without trust, in order to perform collaborative and dynamic botnet detection by collecting and auditing IoT devices' network traffic flows as blockchain transactions. In this paper, we focus on the design of the AutoBotCatcher by first defining the blockchain structure underlying AutoBotCatcher, then discussing its components.

Gokhan Sagirlar, Barbara Carminati, Elena Ferrari

Internet of Things (IoT) is now evolving into a loosely coupled, decentralized system of cooperating smart objects, where high- speed data processing, analytics and shorter response times are becoming more necessary than ever. Such decentralization has a great impact on the way personal information generated and consumed by smart objects should be protected, because, without centralized data management, it is more difficult to control how data are combined and used by smart objects. To cope with this issue, in this paper, we propose a framework where users of smart objects can specify their privacy preferences. Compliance check of user individual privacy preferences is performed directly by smart objects. Moreover, acknowledging that embedding the enforcement mechanism into smart objects implies some overhead, we have extensively tested the proposed framework on different scenarios, and the obtained results show the feasibility of our approach.