Understanding the Mirai Botnet

Conference: Usenix Security - 2017
Authors: Manos Antonakakis, Tim April, Michael Bailey,
Citation

Bibtex Citation

@inproceedings{ANTONAKAKIS2017UNDERSTANDING,
  title = {Understanding the Mirai Botnet},
  author = {Antonakakis, Manos and April, Tim and Bailey, Michael and Bernhard, Matt and Bursztein, Elie and Cochran, Jaime and Durumeric, Zakir and Halderman, J. Alex and Invernizzi, Luca and Kallitsis, Michalis and Kumar, Deepak and Lever, Chaz and Ma, Zane and Mason, Joshua and Menscher, Damian and Seaman, Chad and Sullivan, Nick and Thomas, Kurt and Zhou, Yi},
  booktitle = {Usenix Security},
  year = {2017},
  organization = {Usenix}
}

The Mirai botnet, composed primarily of embedded and IoT devices, took the Internet by storm in late 2016 when it overwhelmed several high-profile targets with massive distributed denial-of-service (DDoS) attacks. In this paper, we provide a seven-month retrospective analysis of Mirai’s growth to a peak of 600k infections and a history of its DDoS victims. By combining a variety of measurement perspectives, we analyze how the botnet emerged, what classes of devices were affected, and how Mirai variants evolved and competed for vulnerable hosts. Our measurements serve as a lens into the fragile ecosystem of IoT devices. We argue that Mirai may represent a sea change in the evolutionary development of botnets—the simplicity through which devices were infected and its precipitous growth demonstrate that novice malicious techniques can compromise enough low-end devices to threaten even some of the best-defended targets. To address this risk, we recommend technical and nontechnical interventions, as well as propose future research directions.
