City Research Online

WARDOG: Awareness Detection Watchdog for Botnet Infection on the Host Device

Hatzivasilis, G., Soultatos, O., Chatziadam, P., Fysarakis, K., Askoxylakis, I. G., Ioannidis, S., Alexandris, G., Katos, V. & Spanoudakis, G. ORCID: 0000-0002-0037-2600 (2021). WARDOG: Awareness Detection Watchdog for Botnet Infection on the Host Device. IEEE Transactions on Sustainable Computing, 6(1), pp. 4-18. doi: 10.1109/tsusc.2019.2914917

Abstract

Botnets are today one of the most dangerous security threats worldwide. High volumes of infected machines are controlled by a malicious entity and perform coordinated cyber-attacks. The problem will become even worse in the era of the Internet of Things (IoT), as the number of insecure devices is expected to grow exponentially. This paper presents WARDOG, an awareness and digital forensic system that informs the end-user of the botnet infection, exposes the botnet infrastructure, and captures verifiable data that can be used in a court of law. The responsible authority gathers all information and automatically generates a unified document for the case. The document contains undisputed forensic information, tracking all involved parties and their role in the attack. The deployed security mechanisms and the overall administration setting ensure non-repudiation of performed actions and enforce accountability. The provided properties are verified through theoretical analysis. In a simulated environment, the effectiveness of the proposed solution in mitigating botnet operations is also tested against real attack strategies captured by the FORTHcert honeypots, outperforming state-of-the-art solutions. Moreover, a preliminary version is implemented on real computers and IoT devices, highlighting the low computational and communication overheads of WARDOG in the field.

Publication Type: Article
Additional Information: © 2021 IEEE. Personal use of this material is permitted. Permission from IEEE must be obtained for all other uses, in any current or future media, including reprinting/republishing this material for advertising or promotional purposes, creating new collective works, for resale or redistribution to servers or lists, or reuse of any copyrighted component of this work in other works.
Publisher Keywords: Computer crime; forensic; intrusion detection; intrusion prevention; network security; security management
Subjects: Q Science > QA Mathematics > QA75 Electronic computers. Computer science
Departments: School of Science & Technology > Computer Science
Text - Accepted Version