An IoT Botnet Prediction Model Using Frequency based Dependency Graph: Proof-of-concept

Malware attacks are widespread in an era of growing technology by targeting most computing resources. Plenty of the technology nowadays is based on digital data exchange and it leads to the Internet of Things (IoT) development. A massive growth of IoT technology attracts attackers' interest in exploiting a number of IoT devices using a variety of attacks. Consequently, this has caused difficulty to the researcher in distinguishing a characteristic of such variant specifically for IoT botnet-based attack. Current approaches are weak in recognizing such behavior by analyzing registry information more accurately due to the fact that the attack pattern usually hard to construct. Hence, in this paper, selected features of suspicious registry information that's been affected by IoT botnet action i.e. Mirai is further analyzed using the graph-theoretical approach. Using a dependency graph, the similar and dissimilar pattern of distinct botnet composed to facilitate the process of malware variant characteristic identification. As a result of doing this, a precise attack pattern can be constructed and could be considered for future botnet prediction. A series of experiments conducted as a proof-of-concept in order to assess and validate the formed attack pattern. The findings have shown that the proposed prediction model could overcome the issues of undetectable IoT botnet behavior. From this forward, this model could be used to obtain accurate detection results for any variant of malware.