Botnet Analysis And Optimization For IoT Terminal Devices

The rapid development of the Internet of Things technology has brought great convenience to people’s work and life by changing their working and living patterns.Io T devices have become more popular than ever,and people are increasingly eager for them to make their work and life more intelligent.However,this progress has not only brought benefits but also various network attacks.Botnets,as a common and effective network attack method,has brought tremendous threats to Internet security.With the growth of the global Io T devices’ number,it has provided new media and channels for the rapid spread of malicious code,and the subjects of botnets infection have expanded from personal computers and servers to a massive number of Io T devices,with Mirai being a representative example.Although significant progress has been made in the research of botnets and a holistic Io T security defense system has been formed,the development trend of botnets cannot be completely and effectively curbed.Currently,existing botnets have exhibited new characteristics in terms of their morphology and mechanisms,yet systematic research on this trend is still lacking.With the continuous escalation of the offensive and defensive game in cyberspace,there is a need for in-depth research and exploration of the core mechanisms,evolutionary patterns,and relevant defense techniques of botnets.In this regard,the main focus of this thesis is to predict the potential emergence of new forms and technologies in botnets.Taking the representative Mirai botnet as the starting point of the research,this thesis analyzes the overall architecture of Mirai and investigates the main functions of its control and controlled components.It reveals the weaknesses of the Mirai botnet,namely that the "kill" command can terminate the Mirai process and that Mirai is unable to counteract the rebooting of Io T devices.Building upon these findings,this thesis proposes an optimized approach based on Mirai.By adding the SIGTERM signal to the blocked signal set of the Mirai malware program,when the Mirai malware program receives the SIGTERM signal,it will not execute any signal handling program,thereby enhancing the survivability of the Mirai malware program in the terminal.Furthermore,by writing the malware program into the init.d directory of Io T devices,the code persistence effect is achieved,and an auto-start script is uploaded to enable the malware program to automatically run when the Io T device restarts,thereby realizing the self-starting capability of the malware program and endowing the Mirai botnet malware program with recoverability.Based on the aforementioned research and optimization approach,this thesis designs and implements a propagation model based on the optimized Mirai botnet to enhance the resilience of the Mirai malware program.By employing a combination of virtual and real techniques,real Io T devices are introduced into the experimental environment to enable automatic propagation of the Mirai malware.Through manual interventions,it is observed that the optimized Mirai malware program cannot be terminated by the "kill" command,and infected devices can reconnect to the control server and operate stably after device reboot.The experimental results demonstrate that this approach represents a potential direction for the future evolution of Mirai botnet malware programs.It provides important insights for researchers to enhance the existing defense systems and improve the emergency response capabilities for zombie network security incidents.