Design and evaluation of feature distributed malware attacks against the Internet of Things (IoT)

Byungho Min, Vijay Varadharajan

Research output: Chapter in Book/Report/Conference proceedingConference proceeding contributionpeer-review

20 Citations (Scopus)

Abstract

In this paper, we analyse the Internet of Things (IoT) aspect of smart home from a security perspective, and adapt an advanced malware technique (called feature-distributed malware) for the IoT. We design several attacks including cyber-physical system attacks and advanced cyber attacks, and then evaluate their impact via practical evaluations. Our proposed offensive techniques are based on the following current smart home status: (1) almost every smart home appliance is directly or indirectly connected to the Internet for remote monitoring and/or control. (2) there are Internet services that integrate heterogeneous devices into one single smart home environment. These integration services make it easy and simple to build any form of customised smart home configurations. However, at the same time, such services also put the smart home at risk when they are compromised and abused by attackers, which means that the attackers can achieve their goals without needing to compromise individual smart home devices. Our evaluation results show that using traditional web attack techniques such as cookie stealing can be turned into sophisticated attacks that enable the attackers to perform various malicious activities such as unlocking the smart lock installed at the target premises and disarming security alarms. Considering existing research efforts on the smart home security are mainly about security analysis of individual devices and protocols, we believe this work will shed light on the practical implications of integrating the smart home with the Internet of things, therefore helping the development of more secure smart home environments in the future.

Original languageEnglish
Title of host publicationProceedings - 2015 20th International Conference on Engineering of Complex Computer Systems, ICECCS 2015
Place of PublicationPiscataway, NJ
PublisherInstitute of Electrical and Electronics Engineers (IEEE)
Pages80-89
Number of pages10
ISBN (Electronic)9781467385817
DOIs
Publication statusPublished - 2015
Event20th International Conference on Engineering of Complex Computer Systems, ICECCS 2015 - Gold Coast, Australia
Duration: 9 Dec 201511 Dec 2015

Other

Other20th International Conference on Engineering of Complex Computer Systems, ICECCS 2015
Country/TerritoryAustralia
CityGold Coast
Period9/12/1511/12/15

Keywords

  • Cyber-Physical Systems
  • Internet of Things
  • Malware
  • Security
  • Smart Home

Fingerprint

Dive into the research topics of 'Design and evaluation of feature distributed malware attacks against the Internet of Things (IoT)'. Together they form a unique fingerprint.

Cite this