Masters Thesis

Automated detection of Mirai-like IOT bots, in large scale internet service provider networks, through sampled traffic flow analysis

The Internet of Things (IoT) is an ecosystem composed of various devices that interact and communicate over the internet. These devices are often low-power sensing devices with limited processing capability, representing common consumer products found in the home, i.e. appliances, televisions, door locks and alarms, and home automation systems. The term IoT is neither new nor emerging, but for all intents and purposes it is in its infant stage. IoT is defined as an interconnected system of devices and sensors that are used by organizations and consumers alike. IoT devices have effectively revolutionized the way people “internet” by increasing operational efficiency and providing new and improved ways to gather and disseminate data. The ability to access IoT devices anytime and anywhere is the core of IoT's desirability to the market. The current estimate of connected IoT devices is in the tens of billions and is expected to increase exponentially in the next six years. The driving force behind IoT devices is centered in the consumer market. Due to large demand, companies are saturating that market with devices that often lack security features, leading to vulnerabilities. The sheer number of IoT devices that have been exploited is a problem for the entire internet, and more specifically for internet service providers (ISPs). These exploited devices are used to create botnets. Botnets are a critical concern for security systems today because cybercriminals leverage their ability to infiltrate almost any IoT device. A published study from MIT concluded that social media bots and automated accounts played a major role in spreading fake news. The term botnet is derived from the words “robot” and “network”. Size matters when discussing the potential of botnets. Cybercriminals use this framework of botnets to launch massive DDoS attacks against individuals and large corporations. Botnets are designed to infect millions of devices and are difficult to detect.
