Understanding the Attackers and Victims in IoT-based DDoS attacks

A mixed methodology approach to understanding cybercrime

Abstract

To protect critical services in today's society, it is necessary to mitigate and prevent risks threatening the reliability of the internet. Internet-of-Things (IoT) devices are the number one attack target on the internet. The situation will become worse, as 40 billion IoT devices are expected in 2025. IoT bot activity represented 78% of malware network activity or detection events in carrier networks in 2018. The vulnerability and large volume of IoT devices make them a likely target for cybercriminals in distributed denial-of-service (DDoS) attacks. The rise of IoT is increasing the volume of DDoS attacks. A lot of (critical) infrastructure is therefore susceptible to being shut down by DDoS attacks. DDoS attacks are commoditized with booter services, which perform attacks on targets in return for money. This allows a wider audience to utilize DDoS attacks, as the only necessary prerequisite is money. These services have increased the frequency and power of attacks. The DDoS-as-a-Service landscape has mainly used amplification attacks to take down its victims; however, it is as yet unclear whether it is also utilizing the growth of IoT for its purposes. This research will look at the impact of IoT-based DDoS attacks on the victims, with the main research question being: What patterns of commoditization and victimization can we observe with IoT-based DDoS attacks compared to amplification attacks? In conclusion, vulnerable IoT devices are already a serious threat. They are commoditized and they bring significant differences to DDoS attack characteristics and victimization patterns. As DDoS remains an arms race where adaptation is important, this research showcases a concrete example of how emerging technology can change the existing marketplaces and attack patterns. It also showed its value by looking at IoT from a holistic view to gain an understanding of the technical as well as the social impacts.
However, more research is needed, as this quickly changing field needs to be monitored. Questions remain about which factors can explain the country-level effects in more detail. Expanding the tools and capabilities to investigate underground chat data would be fruitful as well.