Internet of Things at UMD

The Internet of Things (IoT) introduces an unprecedented diversity and ubiquity to networked computing. It also introduces new attack surfaces that are a boon to attackers. We are performing research to better understand and mitigate attacks on (and from) these devices.

This work includes student researchers from Breakerspace, an undergraduate cybersecurity research lab with the goal of scaling up research experiences for undergrads.

News

02/25/2019

Stephen Herwig will be presenting our work on measuring and analyzing Hajime at NDSS; be sure to attend the talk!

11/06/2018

Our paper on measuring and analyzing Hajime, a peer-to-peer IoT Botnet, has been accepted to NDSS 2019.

09/22/2018

Our poster on Hajime has been accepted to the ACM Internet Measurement Conference (IMC) poster session.

Key Results

IoT botnets are large, resilient, and hetereogeneous

We have performed longitudinal measurements on Hajime, the successor to the well-known Mirai botnet. We found that:

  • After Hajime deployed new exploits (Chimay-Red and GPON), it peaked to upwards of 95,000 active bots.
  • Hajime's bots run a wide assortment of CPU architectures, spanning an array of ARM and MIPS devices.
  • The number of architecture type of bots varies dramatically from country to country.

Code & Data

We will be making the code and data from our NDSS 2019 paper available here. If you would like updates, please email Stephen.

Papers

        pdf            slides (pdf)     slides (key)   Measurement and Analysis of Hajime, a Peer-to-peer IoT Botnet
Stephen Herwig, Katura Harvey, George Hughey, Richard Roberts, Dave Levin
NDSS 2019 (Network and Distributed System Security Symposium)

Posters

  pdf   Measurement and Analysis of Hajime, a Peer-to-peer IoT Botnet
Stephen Herwig, Katura Harvey, George Hughey, Richard Roberts, Dave Levin
IMC 2018 (Internet Measurement Conference))

People

  • Stephen Herwig
  • Katura Harvey
  • Richard Roberts
  • George Hughey
  • Dave Levin