Hey, you, keep away from my device: remotely implanting a virus expeller to defeat Mirai on IoT devices
This work addresses the challenge of securing out-of-date IoT devices against disruptive DDoS attacks and offers a deployable solution for manufacturers and users, though it appears incremental because it builds on existing botnet concepts.
The paper tackles the problem of expelling Mirai botnet infections from vulnerable IoT devices that lack firmware update capabilities. It proposes a collaborative defense strategy that uses a 'white' Mirai variant to remove malicious variants and secure devices, with results showing effective evasion of Mirai attacks.
Mirai is a botnet that targets out-of-date Internet-of-Things (IoT) devices. The disruptive Distributed Denial of Service (DDoS) attack last year hit major Internet companies, causing intermittent service for millions of Internet users. Since the affected devices typically do not support firmware update, it becomes challenging to expel these vulnerable devices in the wild. Both industry and academia have made great efforts in amending the situation. However, none of these efforts is both simple to deploy and effective in solving the problem. In this work, we design a collaborative defense strategy to tackle Mirai. Our key idea is to take advantage of human involvement in the least aggressive way. In particular, at a negotiated time slot, a customer is required to reboot the compromised device, then a "white" Mirai operated by the manufacturer breaks into the clean-state IoT devices immediately. The "white" Mirai expels other malicious Mirai variants, blocks vulnerable ports, and keeps a heart-beat connection with the server operated by the manufacturer. Once the heart-beat is lost, the server re-implants the "white" Mirai instantly. We have implemented a full prototype of the designed system, and the results show that our system can evade Mirai attacks effectively.
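
The heart-beat supervision described in the abstract can be sketched as a server-side state tracker. This is an added example, not the paper's prototype; the interval, the miss threshold, the state names and the device ids are assumptions, since the abstract gives none of them.

```python
from dataclasses import dataclass, field

# Assumed timing values; the abstract does not state any.
HEARTBEAT_INTERVAL = 30   # seconds between heart-beats
MISSED_BEFORE_LOST = 3    # consecutive missed beats tolerated


@dataclass
class HeartbeatMonitor:
    """Manufacturer-side view of enrolled devices (hypothetical names)."""
    last_seen: dict = field(default_factory=dict)
    state: dict = field(default_factory=dict)

    def schedule(self, device_id, slot_start):
        # The owner agreed to reboot at slot_start; the device is not protected yet.
        self.state[device_id] = "awaiting_reboot"
        self.last_seen[device_id] = slot_start

    def heartbeat(self, device_id, now):
        # Beats from devices that were never scheduled are ignored,
        # so nothing is enrolled without the owner's negotiated slot.
        if device_id not in self.state:
            return False
        self.last_seen[device_id] = now
        self.state[device_id] = "protected"
        return True

    def sweep(self, now):
        """Return ids whose heart-beat was lost since the previous sweep."""
        deadline = HEARTBEAT_INTERVAL * MISSED_BEFORE_LOST
        lost = []
        for dev, st in self.state.items():
            if st == "protected" and now - self.last_seen[dev] > deadline:
                self.state[dev] = "lost"   # reported once, then awaits recovery
                lost.append(dev)
        return sorted(lost)


def demo():
    # Constructed timeline: cam-02 stops sending beats after t=10.
    m = HeartbeatMonitor()
    m.schedule("cam-01", 0)
    m.schedule("cam-02", 0)
    for t in (10, 40, 70):
        m.heartbeat("cam-01", t)
    m.heartbeat("cam-02", 10)
    return m, m.sweep(101)
```

A device is reported as lost only once per outage, so the server's recovery step described in the abstract is triggered a single time rather than on every sweep.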