Detecting & Confronting Flash Attacks From IoT Botnets
Presented By: Farjad Noor
Internet of Things
• The IoT is a network of physical objects or things embedding electronics,
software, sensors and network connections that collects and facilitates the
exchange of data. The IoT serves as a conceptual background for smart
systems and applications such as the smart grid, building and home
automation systems such as SCADA, healthcare and medical systems,
environmental monitoring systems and industrial systems.
Cont..
• However, in recent years, IoT devices have become prone to physical,
network and application-layer attacks. As a result, the number of IoT-based
Distributed Denial of Service (DDoS) attacks has increased rapidly in recent
years. A bot is a device that has been compromised by malware and can be
controlled remotely by hackers. IoT botnets are collections of compromised
devices such as cameras, routers, wearables and other embedded hardware
technologies infected with malware. Botnet owners/masters are able to
control such infected equipment and issue commands to perform malicious
activities such as malware attacks, social engineering attacks, distributed
denial of service (DDoS) attacks, sending spam email and information theft.
Proposed Architecture of Mirai Malware
The Mirai botnet is a self-propagating botnet malware that has the ability to
infect tens of thousands of insecure devices and control them to launch a
DDoS attack against a chosen victim, causing a flash crowd. Mirai has two
components: the virus itself and the command-and-control server (CnC).
The virus uses the attack vectors, and a scanner continuously monitors the
network looking for other devices to compromise. The CnC controls the
compromised devices, sending them instructions to launch attacks against
one or more victims.
A scanner runs continuously on each bot and uses the telnet protocol. A bot
uses two types of vectors, called the attack vector and the infection vector.
The former is used to execute DDoS attacks on the target website. The
infection vector is used to spread malware in the network.
RELATED WORK
Botnet detection techniques
• Dong
• Binkley
• Gu
• Zeidanloo
• Yen
• Jelasity
• Villamarin
• Nagaraja
• Perdisci
• Zhang
• Chen
• Strayer
• Bahsi
• Zhao
• Al-Jarrah
• Meidan
• Gopal
• Habibi
• Hossein
Honeypots
• Anirudh
• Khattab
• Provos
Cryptomining
• Eskandari
• Zareh
• Carlin
• Hong
• Saad
• Wyke
MATERIALS AND METHOD
Materials and method
• The architecture of the proposed system shown in Fig. 1 represents the major components of the
system, their relationships and the interactions between them.
• The system first considers the botnet construction phase, during which the network is scanned for
vulnerable IoT devices for loading the malware. The detection of a botnet is implemented through
sparse autoencoder that uses data compression to enhance performance. Cryptojacking is
detected to avoid illegitimate mining and ensure an optimal resource usage. The final phase
controls the propagation of an IoT botnet by deploying a honeypot that simulates the behavior of a
vulnerable IoT device. The main goal of the proposed system is to develop an NN model that
detects and confronts botnet propagation and cryptojacking by using pattern analysis and outlier
detection methods.
• The bot master logs into the CnC server and issues control commands to IoT devices. The
scanner performs a dictionary attack on the victim IoT devices and tries to log in to the telnet or
SSH server of the IoT device. If the login attempt is successful, the scanner reports the IP address
of the IoT device back to the loader. The loader transforms the IoT device into an IoT bot by
downloading the cryptojacking malware to the device and running it. The cross-compiler compiles
the botnet source code into executables and binaries for the various target platforms of IoT devices.
Once the botnet malware has compromised the victim’s system, the cryptomining activity is carried
out by sending the appropriate commands.
Setting up a Mirai botnet
• Mirai is a variant of IoT botnet malware that has taken advantage of
significant gaps in IoT device security. Mirai is based on a client–server
model. A virtual private server (VPS) on AWS Lightsail is rented for hosting
the Mirai malware. It is a Debian VPS with 512 MB of RAM, 1 virtual CPU
and 20 GB SSD. It hosts three servers and utilities. The command-and-
control server launches the attack vectors by providing a root login to the bot
master. The scanner scans for vulnerable IoT devices on ports 23 (telnet),
22 (SSH) and 80 (HTTP). The loader loads the Mirai variant and the
cryptominer onto the IoT device provided by the scanner. Utilities such as a
MySQL database, cross-compilers and attack vectors are also hosted on the
VPS.
Scanner and loader
• The scanner serves the purpose of identifying the
vulnerable devices on the network. It performs port
scanning on telnet port 23, SSH port 22 and HTTP port
80 looking for vulnerable IoT devices. Afterward, it
launches a dictionary attack on the port that was open
during port scanning. The scanner, running on port
48101 of the virtual private server, gains access to the
IoT devices. Once shell access has been obtained, the
IP address of the bot is sent to the loader. An ongoing
scanning by the loader ensures that the vulnerable
device is reinfected if it has been rebooted. The loader
performs two operations: loading both the Mirai and
cryptojacking malware onto the vulnerable IoT device
and acting as a listening server by reporting all the
login attempts and maintaining a whitelist of the
identified potential bots on the MySQL server.
With the help of a utility called BusyBox, the precompiled Mirai
variant and cryptominer are downloaded using wget
and TFTP. This IoT bot in turn infects the vulnerable
devices in its vicinity by recursively performing the port
scanning and dictionary attacks.
Command-and-control server
• The CnC server in Fig. 2 is the powerhouse of the botnet architecture and
issues commands to the IoT bots to launch large-scale attacks. The bot
master logs in as root on the CnC server. The server runs on telnet port 23
on the VPS. The username and password of the bot master are entered at
the login prompt to obtain root access. Once root access has been
gained, a command is issued from the CnC server to start executing the
cryptominer in the background. As the miner performs mining activities
without the knowledge of the user, this process can be considered
cryptojacking. Various attack vectors are installed on the CnC to launch
Distributed Denial of Service (DDoS) attacks. The various DDoS floods,
such as GRE-ETH, UDPPlain, HTTP, UDP, VSE, DNS, SYN, ACK, STOMP
and GRE-IP, are executed from the “attack.go” file.
FLASH ATTACK PREVENTION
IoT botnet detection
• A sparse autoencoder is a neural network-based anomaly detector trained to reconstruct its inputs
after some compression. During compression, the sparsity factor keeps the activation rate low, so
that a neuron in the hidden layer activates only for a small fraction of the training samples.
Compression ensures that the network learns meaningful concepts and the relations among its
input features. The network packets are collected during two different phases. The first phase
occurs before the network has become a botnet; the traffic during this phase is characteristic of the
normal behavior of the network and is used for training the anomaly detector. In the second phase,
the data are collected after the network has turned into a botnet; such traffic exhibits the
anomalous behavior of the botnet and is used for detection. The data collected are categorized
into three datasets:
1. Training set (DStrn), used for training the sparse autoencoder to perform anomaly detection;
2. Optimization set (DSopt), used for optimizing the learning rate and number of epochs until the
mean square error (MSE) stops decreasing;
3. Testing set (DStest), used for calculating the accuracy of the trained anomaly detector.
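As an added example (not the deck's code), a minimal sparse autoencoder detector that follows the three-dataset procedure above: it is fitted on constructed pre-infection traffic features (DStrn), trained in chunks until the MSE on DSopt stops decreasing, thresholded on DSopt, and scored on a DStest that mixes held-out benign rows with constructed botnet traffic. The four feature definitions, the 4-2-4 network size, the sparsity constants and the mean + 3 std threshold rule are assumptions; numpy is required.

```python
import numpy as np

RHO, BETA = 0.2, 0.1   # target hidden activation rate and sparsity weight (assumed)

def sigmoid(z):
    return 1.0 / (1.0 + np.exp(-z))

def kl_sparsity(rho, rho_hat):
    """Sparsity penalty KL(rho || rho_hat) summed over hidden units: zero when
    every unit fires at the target rate, growing as units become too active."""
    rho_hat = np.clip(np.asarray(rho_hat, dtype=float), 1e-6, 1 - 1e-6)
    return float(np.sum(rho * np.log(rho / rho_hat)
                        + (1 - rho) * np.log((1 - rho) / (1 - rho_hat))))

class SparseAutoencoder:
    """n_in -> n_hidden -> n_in sigmoid autoencoder; the hidden code is the compression."""

    def __init__(self, n_in, n_hidden, seed=0):
        rng = np.random.default_rng(seed)
        self.W1 = rng.normal(0, 0.1, (n_in, n_hidden))
        self.b1 = np.zeros(n_hidden)
        self.W2 = rng.normal(0, 0.1, (n_hidden, n_in))
        self.b2 = np.zeros(n_in)

    def forward(self, X):
        H = sigmoid(X @ self.W1 + self.b1)          # compressed code
        return H, sigmoid(H @ self.W2 + self.b2)    # reconstruction

    def reconstruction_error(self, X):
        """Per-sample MSE between input and reconstruction: the anomaly score."""
        _, Y = self.forward(X)
        return np.mean((Y - X) ** 2, axis=1)

    def fit(self, X, epochs, lr=0.5):
        """Full-batch gradient descent on MSE + BETA * KL sparsity penalty."""
        m = X.shape[0]
        for _ in range(epochs):
            H, Y = self.forward(X)
            rho_hat = H.mean(axis=0)                 # actual activation rate per unit
            kl_grad = BETA * (-RHO / rho_hat + (1 - RHO) / (1 - rho_hat))
            d_out = (Y - X) * Y * (1 - Y)
            d_hid = (d_out @ self.W2.T + kl_grad) * H * (1 - H)
            self.W2 -= lr * H.T @ d_out / m
            self.b2 -= lr * d_out.mean(axis=0)
            self.W1 -= lr * X.T @ d_hid / m
            self.b1 -= lr * d_hid.mean(axis=0)

def make_normal(rng, n):
    """Constructed pre-infection flow features scaled to [0, 1]: (bytes/s, pkts/s,
    distinct dst ports, bare-SYN ratio). Benign load is coherent and low-fanout."""
    load = rng.uniform(0.2, 0.6, (n, 1))
    base = np.hstack([load, load, np.full((n, 2), 0.1)])
    return np.clip(base + rng.normal(0, 0.02, base.shape), 0.0, 1.0)

def make_botnet(rng, n):
    """Constructed post-infection features: scanning/flooding bots hit many ports
    and send mostly bare SYNs."""
    return np.hstack([rng.uniform(0.6, 1.0, (n, 2)), rng.uniform(0.7, 1.0, (n, 2))])

def split_datasets(normal, rng, frac_trn=0.6, frac_opt=0.2):
    """Split benign rows into DStrn, DSopt and a held-out part that joins DStest."""
    idx = rng.permutation(len(normal))
    n_trn, n_opt = int(frac_trn * len(normal)), int(frac_opt * len(normal))
    return (normal[idx[:n_trn]], normal[idx[n_trn:n_trn + n_opt]],
            normal[idx[n_trn + n_opt:]])

def train_until_mse_plateaus(model, ds_trn, ds_opt, step=200, max_steps=40):
    """Train in chunks of `step` epochs while the MSE on DSopt keeps decreasing."""
    best = float("inf")
    for _ in range(max_steps):
        model.fit(ds_trn, epochs=step)
        mse = float(model.reconstruction_error(ds_opt).mean())
        if mse >= best - 1e-7:
            break
        best = mse
    return best

def evaluate(scores, labels, threshold):
    pred = scores > threshold
    tp, fp = int(np.sum(pred & labels)), int(np.sum(pred & ~labels))
    fn, tn = int(np.sum(~pred & labels)), int(np.sum(~pred & ~labels))
    precision = tp / (tp + fp) if tp + fp else 0.0
    recall = tp / (tp + fn) if tp + fn else 0.0
    f1 = 2 * precision * recall / (precision + recall) if precision + recall else 0.0
    return {"accuracy": (tp + tn) / len(labels), "precision": precision,
            "recall": recall, "f1": f1}

def run_demo(seed=0):
    rng = np.random.default_rng(seed)
    ds_trn, ds_opt, held_out = split_datasets(make_normal(rng, 100), rng)
    botnet = make_botnet(rng, 40)
    model = SparseAutoencoder(n_in=4, n_hidden=2, seed=seed)
    train_until_mse_plateaus(model, ds_trn, ds_opt)
    opt_err = model.reconstruction_error(ds_opt)
    threshold = float(opt_err.mean() + 3 * opt_err.std())   # set on DSopt only
    ds_test = np.vstack([held_out, botnet])
    labels = np.array([False] * len(held_out) + [True] * len(botnet))
    scores = model.reconstruction_error(ds_test)
    return evaluate(scores, labels, threshold), threshold, scores, labels
```

`run_demo()` returns the metrics dictionary together with the threshold and per-sample scores, so the separation between benign and botnet reconstruction errors can be inspected directly.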
Cryptojacking detection
• Though the botnet has been detected, the cryptomining activity will still be running in the
background on the IoT device, consuming all of its resources. The proposed cryptomining detection
method has several stages, explained briefly below.
• Detection based on network traffic:
• Most mining activity is performed using the Stratum mining protocol. Stratum is a line-based
protocol over plain TCP sockets, with the payload encoded as JSON-RPC messages, so there is a
high probability of mining activity if Stratum packets are observed in the network traffic. The
request and reply messages are constructed using JSON-RPC. The network traffic is captured and
analyzed to obtain the request “ids” and their corresponding reply messages. The decoded
hexadecimal values of the entire packet data are displayed according to their timestamps and IPs.
The packets are analyzed with a regular expression to detect a pattern. Once a recognized pattern
has been detected, the IP and port information is used to obtain the process id of the malware so
that a kill signal (SIGKILL) can be sent to it.
• Detection based on resource usage:
• Another important indicator is anomalous CPU usage over time. If cryptojacking malware is
running, the IoT device uses all of its resources to perform complex computations, which results in
high CPU or GPU and memory usage. The CPU usage over a certain period of time is recorded so
that anomalies in it can be detected.
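The two cryptojacking-detection stages above (Stratum traffic, then sustained CPU usage) as one added example that is not from the deck: a regex first-pass over captured payloads, JSON-RPC id matching between each mining.* request and its reply, and a robust outlier rule over a CPU time series. The packet records and CPU samples are constructed; the mining.* method names are the protocol's standard ones; the modified z-score and run-length parameters are assumptions.

```python
import json
import re
from collections import defaultdict

# Stratum requests/notifications are JSON-RPC lines with a "mining.*" method;
# the regex is the cheap first-pass filter on the raw payload bytes.
STRATUM_METHOD = re.compile(rb'"method"\s*:\s*"(mining\.[a-z_]+)"')

def stratum_flows(packets):
    """packets: iterable of (ts, src_ip, src_port, dst_ip, dst_port, payload)
    in capture order. A flow (client, server) is reported once a mining.*
    request has been answered by a reply carrying the same JSON-RPC id, or the
    server pushes a mining.* notification (id null). Returning only id-matched
    flows rules out one-sided junk. Result: {flow: set of methods seen}."""
    pending = defaultdict(dict)      # (client, server) -> {id: method}
    confirmed = defaultdict(set)
    for _ts, sip, sport, dip, dport, payload in packets:
        for line in payload.split(b"\n"):
            if b'"id"' not in line:
                continue
            try:
                msg = json.loads(line)
            except ValueError:
                continue                                  # not JSON-RPC, skip
            m = STRATUM_METHOD.search(line)
            if m and msg.get("id") is None:               # server -> client push
                confirmed[((dip, dport), (sip, sport))].add(m.group(1).decode())
            elif m:                                       # client -> server request
                pending[((sip, sport), (dip, dport))][msg["id"]] = m.group(1).decode()
            elif "result" in msg or "error" in msg:       # reply: server -> client
                flow = ((dip, dport), (sip, sport))
                method = pending[flow].pop(msg.get("id"), None)
                if method:
                    confirmed[flow].add(method)
    return dict(confirmed)

# Constructed capture: one IoT device talking to a pool on port 3333, plus an
# unrelated JSON-RPC exchange on another flow that must not be flagged.
DEVICE, POOL = ("192.168.1.23", 51234), ("203.0.113.9", 3333)
SAMPLE_PACKETS = [
    (1.00, *DEVICE, *POOL, b'{"id": 1, "method": "mining.subscribe", "params": ["cpuminer/2.5.0"]}\n'),
    (1.05, *POOL, *DEVICE, b'{"id": 1, "result": [["mining.notify", "sub1"], "08000002", 4], "error": null}\n'),
    (1.10, *DEVICE, *POOL, b'{"id": 2, "method": "mining.authorize", "params": ["worker1", "x"]}\n'),
    (1.15, *POOL, *DEVICE, b'{"id": 2, "result": true, "error": null}\n'),
    (1.20, *POOL, *DEVICE, b'{"id": null, "method": "mining.notify", "params": ["job1", "prevhash", "", "", [], "20000000", "1a0c4f9e", "5f3c2a10", true]}\n'),
    (2.00, "192.168.1.40", 40000, "203.0.113.20", 443, b'{"id": 7, "method": "status.get", "params": []}\n'),
    (2.05, "203.0.113.20", 443, "192.168.1.40", 40000, b'{"id": 7, "result": "ok", "error": null}\n'),
]

def sustained_cpu_outliers(samples, baseline_n=20, z=3.5, min_run=5):
    """samples: CPU utilisation (%) at fixed intervals; the first baseline_n are
    the pre-infection baseline. A modified z-score (median/MAD, robust to a few
    benign spikes) flags each sample, and only runs of >= min_run consecutive
    flags are reported: a miner loads the CPU continuously, whereas benign
    bursts (backups, updates) are short. Returns [(start_idx, end_idx), ...]."""
    base = sorted(samples[:baseline_n])
    median = base[len(base) // 2]
    mad = sorted(abs(x - median) for x in base)[len(base) // 2] or 1.0
    flagged = [0.6745 * (x - median) / mad > z for x in samples]
    runs, start = [], None
    for i, f in enumerate(flagged + [False]):   # sentinel closes a trailing run
        if f and start is None:
            start = i
        elif not f and start is not None:
            if i - start >= min_run:
                runs.append((start, i - 1))
            start = None
    return runs

# Constructed samples: 20 benign readings including one backup spike (80%),
# then the readings after a miner starts.
SAMPLE_CPU = ([6, 8, 5, 9, 7, 80, 6, 10, 7, 8, 6, 9, 7, 5, 8, 6, 7, 9, 6, 8]
              + [97, 98, 99, 98, 97, 99, 98, 97, 99, 98])

if __name__ == "__main__":
    # The deck's follow-up step, mapping the flagged flow's local port to a PID
    # and sending SIGKILL, is left to the host agent; this only reports.
    print("stratum flows:", stratum_flows(SAMPLE_PACKETS))
    print("sustained CPU outlier runs:", sustained_cpu_outliers(SAMPLE_CPU))
```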
CONCLUSIONS
Conclusions
• The exponential growth of IoT devices has made it easier to perform many tasks
through automation. However, such devices remain rather insecure, which allows them
to become compromised and used without authorization. IoT botnets represent one
major threat to Internet security and cloud providers. We have demonstrated our
proposed method by setting up bots running variants of Mirai and forming an IoT botnet
that generates a very large number of requests, causing a flash crowd. The proposed
sparse autoencoder and an outlier detection method provide an efficient way of
detecting and controlling IoT botnets and cryptojacking by forecasting them in advance.
The proposed sparse autoencoder system detects an IoT botnet with accuracy,
precision and recall of 99.69%, 100% and 99.39%, respectively, and attains an F1 score
of 0.99. The outlier detection method attains a misclassification rate of 1.5%, thereby
curtailing most of the illegitimate requests. The performance improvement demonstrated
on the Amazon cloud platform is a 19% improvement in processing time, 34%
optimization of connection time and 18% reduction in waiting time. This study can be
further extended by controlling botnet propagation in a network through a tightly coupled
decentralized peer-to-peer detection system that efficiently identifies malicious traffic
across federated clouds.

More Related Content

What's hot

Bot net detection by using ssl encryption
Bot net detection by using ssl encryptionBot net detection by using ssl encryption
Bot net detection by using ssl encryptionAcad
 
Vol 6 No 1 - October 2013
Vol 6 No 1 - October 2013Vol 6 No 1 - October 2013
Vol 6 No 1 - October 2013ijcsbi
 
Botnet detection by Imitation method
Botnet detection  by Imitation methodBotnet detection  by Imitation method
Botnet detection by Imitation methodAcad
 
Network Monitoring with Wireshark
Network Monitoring with WiresharkNetwork Monitoring with Wireshark
Network Monitoring with WiresharkSiddharth Coontoor
 
Ceis 9 padeep kumar_final_paper
Ceis 9 padeep kumar_final_paperCeis 9 padeep kumar_final_paper
Ceis 9 padeep kumar_final_paperAlexander Decker
 
Arbor Presentation
Arbor Presentation Arbor Presentation
Arbor Presentation J Hartig
 
Introduction to Cyber security module - III
Introduction to Cyber security module - IIIIntroduction to Cyber security module - III
Introduction to Cyber security module - IIITAMBEMAHENDRA1
 
LATTICE STRUCTURAL ANALYSIS ON SNIFFING TO DENIAL OF SERVICE ATTACKS
LATTICE STRUCTURAL ANALYSIS ON SNIFFING TO DENIAL OF SERVICE ATTACKSLATTICE STRUCTURAL ANALYSIS ON SNIFFING TO DENIAL OF SERVICE ATTACKS
LATTICE STRUCTURAL ANALYSIS ON SNIFFING TO DENIAL OF SERVICE ATTACKSIJCNCJournal
 
A LIGHT WEIGHT SOLUTION FOR DETECTING DE-AUTHENTICATION ATTACK
A LIGHT WEIGHT SOLUTION FOR DETECTING DE-AUTHENTICATION ATTACK A LIGHT WEIGHT SOLUTION FOR DETECTING DE-AUTHENTICATION ATTACK
A LIGHT WEIGHT SOLUTION FOR DETECTING DE-AUTHENTICATION ATTACK IJNSA Journal
 
1 importance of light weight authentication in iot
1 importance of light weight authentication in iot1 importance of light weight authentication in iot
1 importance of light weight authentication in iotChintan Patel
 
Detecting and Preventing Attacks Using Network Intrusion Detection Systems
Detecting and Preventing Attacks Using Network Intrusion Detection SystemsDetecting and Preventing Attacks Using Network Intrusion Detection Systems
Detecting and Preventing Attacks Using Network Intrusion Detection SystemsCSCJournals
 
IoT: Effective Authentication System (EAS) using Hash based Encryption on RFI...
IoT: Effective Authentication System (EAS) using Hash based Encryption on RFI...IoT: Effective Authentication System (EAS) using Hash based Encryption on RFI...
IoT: Effective Authentication System (EAS) using Hash based Encryption on RFI...Dr. Amarjeet Singh
 
Guarding Against Large-Scale Scrabble In Social Network
Guarding Against Large-Scale Scrabble In Social NetworkGuarding Against Large-Scale Scrabble In Social Network
Guarding Against Large-Scale Scrabble In Social NetworkEditor IJCATR
 

What's hot (19)

Bot net detection by using ssl encryption
Bot net detection by using ssl encryptionBot net detection by using ssl encryption
Bot net detection by using ssl encryption
 
Vol 6 No 1 - October 2013
Vol 6 No 1 - October 2013Vol 6 No 1 - October 2013
Vol 6 No 1 - October 2013
 
Botnet detection by Imitation method
Botnet detection  by Imitation methodBotnet detection  by Imitation method
Botnet detection by Imitation method
 
Network Monitoring with Wireshark
Network Monitoring with WiresharkNetwork Monitoring with Wireshark
Network Monitoring with Wireshark
 
Ceis 9 padeep kumar_final_paper
Ceis 9 padeep kumar_final_paperCeis 9 padeep kumar_final_paper
Ceis 9 padeep kumar_final_paper
 
N44096972
N44096972N44096972
N44096972
 
Arbor Presentation
Arbor Presentation Arbor Presentation
Arbor Presentation
 
504 508
504 508504 508
504 508
 
Introduction to Cyber security module - III
Introduction to Cyber security module - IIIIntroduction to Cyber security module - III
Introduction to Cyber security module - III
 
LATTICE STRUCTURAL ANALYSIS ON SNIFFING TO DENIAL OF SERVICE ATTACKS
LATTICE STRUCTURAL ANALYSIS ON SNIFFING TO DENIAL OF SERVICE ATTACKSLATTICE STRUCTURAL ANALYSIS ON SNIFFING TO DENIAL OF SERVICE ATTACKS
LATTICE STRUCTURAL ANALYSIS ON SNIFFING TO DENIAL OF SERVICE ATTACKS
 
A LIGHT WEIGHT SOLUTION FOR DETECTING DE-AUTHENTICATION ATTACK
A LIGHT WEIGHT SOLUTION FOR DETECTING DE-AUTHENTICATION ATTACK A LIGHT WEIGHT SOLUTION FOR DETECTING DE-AUTHENTICATION ATTACK
A LIGHT WEIGHT SOLUTION FOR DETECTING DE-AUTHENTICATION ATTACK
 
1 importance of light weight authentication in iot
1 importance of light weight authentication in iot1 importance of light weight authentication in iot
1 importance of light weight authentication in iot
 
Icmis
IcmisIcmis
Icmis
 
Detecting and Preventing Attacks Using Network Intrusion Detection Systems
Detecting and Preventing Attacks Using Network Intrusion Detection SystemsDetecting and Preventing Attacks Using Network Intrusion Detection Systems
Detecting and Preventing Attacks Using Network Intrusion Detection Systems
 
IoT: Effective Authentication System (EAS) using Hash based Encryption on RFI...
IoT: Effective Authentication System (EAS) using Hash based Encryption on RFI...IoT: Effective Authentication System (EAS) using Hash based Encryption on RFI...
IoT: Effective Authentication System (EAS) using Hash based Encryption on RFI...
 
Guarding Against Large-Scale Scrabble In Social Network
Guarding Against Large-Scale Scrabble In Social NetworkGuarding Against Large-Scale Scrabble In Social Network
Guarding Against Large-Scale Scrabble In Social Network
 
G0262042047
G0262042047G0262042047
G0262042047
 
G0421040042
G0421040042G0421040042
G0421040042
 
Chapter 2
Chapter 2Chapter 2
Chapter 2
 

Similar to Detecting and Confronting Flash Attacks from IoT Botnets

IoT Honeypots: State of the Art
IoT Honeypots: State of the ArtIoT Honeypots: State of the Art
IoT Honeypots: State of the ArtBiagio Botticelli
 
Detecting Victim Systems In Client Networks Using Coarse Grained Botnet Algor...
Detecting Victim Systems In Client Networks Using Coarse Grained Botnet Algor...Detecting Victim Systems In Client Networks Using Coarse Grained Botnet Algor...
Detecting Victim Systems In Client Networks Using Coarse Grained Botnet Algor...IRJET Journal
 
A review botnet detection and suppression in clouds
A review botnet detection and suppression in cloudsA review botnet detection and suppression in clouds
A review botnet detection and suppression in cloudsAlexander Decker
 
Lightweight Distributed Attack Detection and Prevention for the Safe Internet...
Lightweight Distributed Attack Detection and Prevention for the Safe Internet...Lightweight Distributed Attack Detection and Prevention for the Safe Internet...
Lightweight Distributed Attack Detection and Prevention for the Safe Internet...Vladimir Eliseev
 
A Dynamic Botnet Detection Model based on Behavior Analysis
A Dynamic Botnet Detection Model based on Behavior AnalysisA Dynamic Botnet Detection Model based on Behavior Analysis
A Dynamic Botnet Detection Model based on Behavior Analysisidescitation
 
Genetic Algorithm based Layered Detection and Defense of HTTP Botnet
Genetic Algorithm based Layered Detection and Defense of HTTP BotnetGenetic Algorithm based Layered Detection and Defense of HTTP Botnet
Genetic Algorithm based Layered Detection and Defense of HTTP BotnetIDES Editor
 
Internet of Things (IoT) two-factor authentication using blockchain
Internet of Things (IoT) two-factor authentication using blockchainInternet of Things (IoT) two-factor authentication using blockchain
Internet of Things (IoT) two-factor authentication using blockchainDavid Wood
 
Internet of Things - Privacy and Security issues
Internet of Things - Privacy and Security issuesInternet of Things - Privacy and Security issues
Internet of Things - Privacy and Security issuesPierluigi Paganini
 
Botnet and its Detection Techniques
Botnet  and its Detection Techniques Botnet  and its Detection Techniques
Botnet and its Detection Techniques SafiUllah Saikat
 
beware of Thing Bot
beware of Thing Botbeware of Thing Bot
beware of Thing BotBellaj Badr
 
Optimized Intrusion Detection System using Deep Learning Algorithm
Optimized Intrusion Detection System using Deep Learning AlgorithmOptimized Intrusion Detection System using Deep Learning Algorithm
Optimized Intrusion Detection System using Deep Learning Algorithmijtsrd
 
Malware Hunter: Building an Intrusion Detection System (IDS) to Neutralize Bo...
Malware Hunter: Building an Intrusion Detection System (IDS) to Neutralize Bo...Malware Hunter: Building an Intrusion Detection System (IDS) to Neutralize Bo...
Malware Hunter: Building an Intrusion Detection System (IDS) to Neutralize Bo...Editor IJCATR
 
IRJET - Identification and Classification of IoT Devices in Various Appli...
IRJET -  	  Identification and Classification of IoT Devices in Various Appli...IRJET -  	  Identification and Classification of IoT Devices in Various Appli...
IRJET - Identification and Classification of IoT Devices in Various Appli...IRJET Journal
 
Meet Remaiten : Malware Builds Botnet on Linux based routers and potentially ...
Meet Remaiten : Malware Builds Botnet on Linux based routers and potentially ...Meet Remaiten : Malware Builds Botnet on Linux based routers and potentially ...
Meet Remaiten : Malware Builds Botnet on Linux based routers and potentially ...APNIC
 
The Internet of Things: We've Got to Chat
The Internet of Things: We've Got to ChatThe Internet of Things: We've Got to Chat
The Internet of Things: We've Got to ChatDuo Security
 

Similar to Detecting and Confronting Flash Attacks from IoT Botnets (20)

IoT Honeypots: State of the Art
IoT Honeypots: State of the ArtIoT Honeypots: State of the Art
IoT Honeypots: State of the Art
 
Detecting Victim Systems In Client Networks Using Coarse Grained Botnet Algor...
Detecting Victim Systems In Client Networks Using Coarse Grained Botnet Algor...Detecting Victim Systems In Client Networks Using Coarse Grained Botnet Algor...
Detecting Victim Systems In Client Networks Using Coarse Grained Botnet Algor...
 
A review botnet detection and suppression in clouds
A review botnet detection and suppression in cloudsA review botnet detection and suppression in clouds
A review botnet detection and suppression in clouds
 
Lightweight Distributed Attack Detection and Prevention for the Safe Internet...
Lightweight Distributed Attack Detection and Prevention for the Safe Internet...Lightweight Distributed Attack Detection and Prevention for the Safe Internet...
Lightweight Distributed Attack Detection and Prevention for the Safe Internet...
 
Botnets
BotnetsBotnets
Botnets
 
A Dynamic Botnet Detection Model based on Behavior Analysis
A Dynamic Botnet Detection Model based on Behavior AnalysisA Dynamic Botnet Detection Model based on Behavior Analysis
A Dynamic Botnet Detection Model based on Behavior Analysis
 
Iot(security)
Iot(security)Iot(security)
Iot(security)
 
Genetic Algorithm based Layered Detection and Defense of HTTP Botnet
Genetic Algorithm based Layered Detection and Defense of HTTP BotnetGenetic Algorithm based Layered Detection and Defense of HTTP Botnet
Genetic Algorithm based Layered Detection and Defense of HTTP Botnet
 
Internet of Things (IoT) two-factor authentication using blockchain
Internet of Things (IoT) two-factor authentication using blockchainInternet of Things (IoT) two-factor authentication using blockchain
Internet of Things (IoT) two-factor authentication using blockchain
 
Internet of Things - Privacy and Security issues
Internet of Things - Privacy and Security issuesInternet of Things - Privacy and Security issues
Internet of Things - Privacy and Security issues
 
Botnet and its Detection Techniques
Botnet  and its Detection Techniques Botnet  and its Detection Techniques
Botnet and its Detection Techniques
 
beware of Thing Bot
beware of Thing Botbeware of Thing Bot
beware of Thing Bot
 
Iot Security
Iot SecurityIot Security
Iot Security
 
Optimized Intrusion Detection System using Deep Learning Algorithm
Optimized Intrusion Detection System using Deep Learning AlgorithmOptimized Intrusion Detection System using Deep Learning Algorithm
Optimized Intrusion Detection System using Deep Learning Algorithm
 
Botnet
BotnetBotnet
Botnet
 
BOTNET
BOTNETBOTNET
BOTNET
 
Malware Hunter: Building an Intrusion Detection System (IDS) to Neutralize Bo...
Malware Hunter: Building an Intrusion Detection System (IDS) to Neutralize Bo...Malware Hunter: Building an Intrusion Detection System (IDS) to Neutralize Bo...
Malware Hunter: Building an Intrusion Detection System (IDS) to Neutralize Bo...
 
IRJET - Identification and Classification of IoT Devices in Various Appli...
IRJET -  	  Identification and Classification of IoT Devices in Various Appli...IRJET -  	  Identification and Classification of IoT Devices in Various Appli...
IRJET - Identification and Classification of IoT Devices in Various Appli...
 
Meet Remaiten : Malware Builds Botnet on Linux based routers and potentially ...
Meet Remaiten : Malware Builds Botnet on Linux based routers and potentially ...Meet Remaiten : Malware Builds Botnet on Linux based routers and potentially ...
Meet Remaiten : Malware Builds Botnet on Linux based routers and potentially ...
 
The Internet of Things: We've Got to Chat
The Internet of Things: We've Got to ChatThe Internet of Things: We've Got to Chat
The Internet of Things: We've Got to Chat
 

Recently uploaded

mini mental status format.docx
mini    mental       status     format.docxmini    mental       status     format.docx
mini mental status format.docxPoojaSen20
 
BASLIQ CURRENT LOOKBOOK LOOKBOOK(1) (1).pdf
BASLIQ CURRENT LOOKBOOK  LOOKBOOK(1) (1).pdfBASLIQ CURRENT LOOKBOOK  LOOKBOOK(1) (1).pdf
BASLIQ CURRENT LOOKBOOK LOOKBOOK(1) (1).pdfSoniaTolstoy
 
Contemporary philippine arts from the regions_PPT_Module_12 [Autosaved] (1).pptx
Contemporary philippine arts from the regions_PPT_Module_12 [Autosaved] (1).pptxContemporary philippine arts from the regions_PPT_Module_12 [Autosaved] (1).pptx
Contemporary philippine arts from the regions_PPT_Module_12 [Autosaved] (1).pptxRoyAbrique
 
Industrial Policy - 1948, 1956, 1973, 1977, 1980, 1991
Industrial Policy - 1948, 1956, 1973, 1977, 1980, 1991Industrial Policy - 1948, 1956, 1973, 1977, 1980, 1991
Industrial Policy - 1948, 1956, 1973, 1977, 1980, 1991RKavithamani
 
URLs and Routing in the Odoo 17 Website App
URLs and Routing in the Odoo 17 Website AppURLs and Routing in the Odoo 17 Website App
URLs and Routing in the Odoo 17 Website AppCeline George
 
Interactive Powerpoint_How to Master effective communication
Interactive Powerpoint_How to Master effective communicationInteractive Powerpoint_How to Master effective communication
Interactive Powerpoint_How to Master effective communicationnomboosow
 
Employee wellbeing at the workplace.pptx
Employee wellbeing at the workplace.pptxEmployee wellbeing at the workplace.pptx
Employee wellbeing at the workplace.pptxNirmalaLoungPoorunde1
 
Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...
Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...
Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...EduSkills OECD
 
Beyond the EU: DORA and NIS 2 Directive's Global Impact
Beyond the EU: DORA and NIS 2 Directive's Global ImpactBeyond the EU: DORA and NIS 2 Directive's Global Impact
Beyond the EU: DORA and NIS 2 Directive's Global ImpactPECB
 
Z Score,T Score, Percential Rank and Box Plot Graph
Z Score,T Score, Percential Rank and Box Plot GraphZ Score,T Score, Percential Rank and Box Plot Graph
Z Score,T Score, Percential Rank and Box Plot GraphThiyagu K
 
Q4-W6-Restating Informational Text Grade 3
Q4-W6-Restating Informational Text Grade 3Q4-W6-Restating Informational Text Grade 3
Q4-W6-Restating Informational Text Grade 3JemimahLaneBuaron
 
The basics of sentences session 2pptx copy.pptx
The basics of sentences session 2pptx copy.pptxThe basics of sentences session 2pptx copy.pptx
The basics of sentences session 2pptx copy.pptxheathfieldcps1
 
Call Girls in Dwarka Mor Delhi Contact Us 9654467111
Call Girls in Dwarka Mor Delhi Contact Us 9654467111Call Girls in Dwarka Mor Delhi Contact Us 9654467111
Call Girls in Dwarka Mor Delhi Contact Us 9654467111Sapana Sha
 
1029 - Danh muc Sach Giao Khoa 10 . pdf
1029 -  Danh muc Sach Giao Khoa 10 . pdf1029 -  Danh muc Sach Giao Khoa 10 . pdf
1029 - Danh muc Sach Giao Khoa 10 . pdfQucHHunhnh
 
Introduction to AI in Higher Education_draft.pptx
Introduction to AI in Higher Education_draft.pptxIntroduction to AI in Higher Education_draft.pptx
Introduction to AI in Higher Education_draft.pptxpboyjonauth
 
How to Make a Pirate ship Primary Education.pptx
How to Make a Pirate ship Primary Education.pptxHow to Make a Pirate ship Primary Education.pptx
How to Make a Pirate ship Primary Education.pptxmanuelaromero2013
 
Paris 2024 Olympic Geographies - an activity
Paris 2024 Olympic Geographies - an activityParis 2024 Olympic Geographies - an activity
Paris 2024 Olympic Geographies - an activityGeoBlogs
 

Recently uploaded (20)

mini mental status format.docx
mini    mental       status     format.docxmini    mental       status     format.docx
mini mental status format.docx
 
BASLIQ CURRENT LOOKBOOK LOOKBOOK(1) (1).pdf
BASLIQ CURRENT LOOKBOOK  LOOKBOOK(1) (1).pdfBASLIQ CURRENT LOOKBOOK  LOOKBOOK(1) (1).pdf
BASLIQ CURRENT LOOKBOOK LOOKBOOK(1) (1).pdf
 
Código Creativo y Arte de Software | Unidad 1
Código Creativo y Arte de Software | Unidad 1Código Creativo y Arte de Software | Unidad 1
Código Creativo y Arte de Software | Unidad 1
 
Contemporary philippine arts from the regions_PPT_Module_12 [Autosaved] (1).pptx
Contemporary philippine arts from the regions_PPT_Module_12 [Autosaved] (1).pptxContemporary philippine arts from the regions_PPT_Module_12 [Autosaved] (1).pptx
Contemporary philippine arts from the regions_PPT_Module_12 [Autosaved] (1).pptx
 
Industrial Policy - 1948, 1956, 1973, 1977, 1980, 1991
Industrial Policy - 1948, 1956, 1973, 1977, 1980, 1991Industrial Policy - 1948, 1956, 1973, 1977, 1980, 1991
Industrial Policy - 1948, 1956, 1973, 1977, 1980, 1991
 
INDIA QUIZ 2024 RLAC DELHI UNIVERSITY.pptx
INDIA QUIZ 2024 RLAC DELHI UNIVERSITY.pptxINDIA QUIZ 2024 RLAC DELHI UNIVERSITY.pptx
INDIA QUIZ 2024 RLAC DELHI UNIVERSITY.pptx
 
URLs and Routing in the Odoo 17 Website App
URLs and Routing in the Odoo 17 Website AppURLs and Routing in the Odoo 17 Website App
URLs and Routing in the Odoo 17 Website App
 
Interactive Powerpoint_How to Master effective communication
Interactive Powerpoint_How to Master effective communicationInteractive Powerpoint_How to Master effective communication
Interactive Powerpoint_How to Master effective communication
 

Detecting and Confronting Flash Attacks from IoT Botnets

  • 1. Detecting & Confronting Flash Attacks From IoT Botnets Presented By: Farjad Noor
  • 2. Internet of Things • The IoT is a network of physical objects or things embedding electronics, software, sensors and network connections that collects and facilitates the exchange of data. The IoT serves as a conceptual background for smart systems and applications such as the smart grid, building and home automation systems such as SCADA, healthcare and medical systems, environmental monitoring systems and industrial systems.
  • 3. Cont.. • However, in recent years, IoT devices have become prone to physical, network and application-layer attacks. As a result, the number of IoT-based Distributed Denial of Service (DDoS) attacks has increased rapidly in recent years. A bot is a device that has been compromised by malware and can be controlled remotely by hackers. IoT botnets are collections of compromised devices such as cameras, routers, wearables and other embedded hardware technologies infected with malware. Botnet owners/masters are able to control such infected equipment and issue commands to perform malicious activities such as malware attacks, social engineering attacks, distributed denial of service (DDoS) attacks, sending spam email and information theft.
  • 4. Proposed Architecture of Mirai Malware The Mirai botnet is a self-propagating botnet malware that has the ability to infect tens of thousands of insecure devices and control them to launch a DDoS attack against a chosen victim causing a flash crowd. Mirai has two components: the virus itself and the command-and-control server (CnC). The virus uses the attack vectors, and a scanner continuously monitors the network looking for other devices to compromise. The CnC controls the compromised devices, sending them instructions to launch attacks against one or more victims. A scanner runs continuously on each bot and uses the telnet protocol. A bot uses two types of vectors called the attack vector and the infection vector. The former is used to execute DDoS attacks on the target website. The infection vector is used to spread malware in the network.
  • 6. Botnet detection techniques (related work grouped by topic, cited by first author) • Botnet detection techniques: Dong, Binkley, Gu, Zeidanloo, Yen, Jelasity, Villamarin, Nagaraja, Perdisci, Zhang, Chen, Strayer, Bahsi, Zhao, Al-Jarrah, Meidan, Gopal, Habibi, Hossein • Honeypots: Anirudh, Khattab, Provos • Cryptomining: Eskandari, Zareh, Carlin, Hong, Saad, Wyke
  • 9. Materials and method • The architecture of the proposed system shown in Fig. 1 represents the major components of the system, their relationships and the interactions between them. • The system first considers the botnet construction phase, during which the network is scanned for vulnerable IoT devices on which to load the malware. Botnet detection is implemented with a sparse autoencoder that uses data compression to enhance performance. Cryptojacking is detected to prevent illegitimate mining and ensure optimal resource usage. The final phase controls the propagation of an IoT botnet by deploying a honeypot that simulates the behavior of a vulnerable IoT device. The main goal of the proposed system is to develop an NN model that detects and confronts botnet propagation and cryptojacking using pattern analysis and outlier detection methods. • The bot master logs into the CnC server and issues control commands to IoT devices. The scanner performs a dictionary attack on the victim IoT devices and tries to log in to the telnet or SSH server of the IoT device. If the login attempt is successful, the scanner reports the IP address of the IoT device back to the loader. The loader transforms the IoT device into an IoT bot by downloading the cryptojacking malware to the device and running it. The cross-compiler compiles the botnet source code into executables and binaries for the various target platforms of IoT devices. Once the botnet malware has compromised the victim's system, the cryptomining activity is carried out by sending the appropriate commands.
  • 10. Setting up a Mirai botnet • Mirai is a variant of IoT botnet malware that has taken advantage of significant gaps in IoT device security. Mirai is based on a client–server model. A virtual private server (VPS) on AWS Lightsail is rented for hosting the Mirai malware. It is a Debian VPS with 512 MB of RAM, 1 virtual CPU and a 20 GB SSD. It hosts three servers and utilities. The command-and-control server launches the attack vectors by providing a root login to the bot master. The scanner scans for vulnerable IoT devices on ports 23 (telnet), 22 (SSH) and 80 (HTTP). The loader loads the Mirai variant and the cryptominer onto the IoT device identified by the scanner. Utilities such as a MySQL database, cross-compilers and attack vectors are also hosted on the VPS.
  • 11. Scanner and loader • The scanner identifies the vulnerable devices on the network. It performs port scanning on telnet port 23, SSH port 22 and HTTP port 80 looking for vulnerable IoT devices. Afterward, it launches a dictionary attack on the port that was found open during port scanning. The scanner, running on port 48101 of the virtual private server, gains access to the IoT devices. Once shell access has been obtained, the IP address of the bot is sent to the loader. The loader performs two operations: loading both the Mirai and cryptojacking malware onto the vulnerable IoT device, and acting as a listening server that reports all login attempts and maintains a whitelist of the identified potential bots on the MySQL server. Continuous scanning by the loader ensures that the device gets infected again if it has been rebooted. With the help of the BusyBox utility, the precompiled Mirai variant and cryptominer are downloaded using wget and TFTP. This IoT bot in turn infects the vulnerable devices in its vicinity by recursively performing the port scanning and dictionary attacks.
  • 12. Command-and-control server • The CnC server in Fig. 2 is the powerhouse of the botnet architecture and issues commands to the IoT bots to launch large-scale attacks. The bot master logs in as root to the CnC server. The server runs on telnet port 23 on the VPS. The username and password of the bot master are entered at the login prompt to obtain root access. Once root access has been gained, a command is issued from the CnC server to start executing the cryptominer in the background. As the miner performs mining without the knowledge of the device owner, this activity constitutes cryptojacking. Various attack vectors are installed in the CnC to launch Distributed Denial of Service (DDoS) attacks. The DDoS floods, such as GRE-ETH, UDPPlain, HTTP, UDP, VSE, DNS, SYN, ACK, STOMP and GRE-IP, are executed from the "attack.go" file.
  • 14. IoT botnet detection • A sparse autoencoder is a neural-network-based anomaly detector trained to reconstruct its inputs after compressing them. During compression, the sparsity factor keeps the activation rate low, so that a neuron in the hidden layer activates only for a small fraction of the training samples. Compression forces the network to learn meaningful concepts and the relations among its input features. Network packets are collected during two different phases. The first phase occurs before the network has become a botnet; the traffic during this phase characterizes the normal behavior of the network and is used for training the anomaly detector. In the second phase, the data are collected after the network has turned into a botnet; such traffic exhibits the anomalous behavior of the botnet and is used for detection. The collected data are categorized into three datasets: 1. the training set (DStrn), used for training the sparse autoencoder to perform anomaly detection; 2. the optimization set (DSopt), used for tuning the learning rate and number of epochs until the mean square error (MSE) stops decreasing; 3. the testing set (DStest), used for calculating the accuracy of the trained anomaly detector.
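As an added illustration (not code from the presentation or the underlying paper), the following Python sketch trains a small sparse autoencoder on constructed benign flow features (DStrn), uses DSopt both to decide when training has stopped improving and to fix the anomaly threshold, then scores a half-benign, half-botnet DStest. The four feature names, the dataset sizes, the KL-sparsity hyperparameters and the threshold rule (largest benign reconstruction error seen on DSopt) are all assumptions made for this example.

```python
import numpy as np

def sigmoid(z): return 1.0 / (1.0 + np.exp(-z))

class SparseAutoencoder:
    def __init__(self, n_in, n_hidden, rho=0.05, beta=0.1, lr=0.5, seed=0):
        rng = np.random.default_rng(seed)
        self.W1, self.b1 = rng.normal(0, 0.1, (n_in, n_hidden)), np.zeros(n_hidden)
        self.W2, self.b2 = rng.normal(0, 0.1, (n_hidden, n_in)), np.zeros(n_in)
        self.rho, self.beta, self.lr = rho, beta, lr

    def forward(self, X):
        H = sigmoid(X @ self.W1 + self.b1)          # compressed code
        return H, sigmoid(H @ self.W2 + self.b2)    # reconstruction

    def fit(self, X, epochs):                       # full-batch gradient descent
        for _ in range(epochs):
            H, R = self.forward(X)
            rho_hat = np.clip(H.mean(axis=0), 1e-6, 1 - 1e-6)   # mean activation per hidden unit
            kl_grad = -self.rho / rho_hat + (1 - self.rho) / (1 - rho_hat)  # d KL(rho || rho_hat)
            dR = (R - X) * R * (1 - R)              # d(MSE)/d(output pre-activation)
            dH = (dR @ self.W2.T + self.beta * kl_grad) * H * (1 - H)
            self.W2 -= self.lr * H.T @ dR / len(X); self.b2 -= self.lr * dR.mean(axis=0)
            self.W1 -= self.lr * X.T @ dH / len(X); self.b1 -= self.lr * dH.mean(axis=0)

    def mse(self, X):                               # per-sample reconstruction error
        return ((self.forward(X)[1] - X) ** 2).mean(axis=1)

def make_flows(rng, n, botnet):
    """Constructed per-flow features in [0, 1]: packets/s, bytes/packet, SYN ratio, distinct ports."""
    u = rng.uniform(0, 1, (n, 1))                   # benign flows vary along one direction
    base = np.hstack([0.10 + 0.10 * u, 0.50 - 0.10 * u, 0.15 + 0.05 * u, np.full((n, 1), 0.30)])
    if botnet:                                      # flood: many tiny SYNs to one port, off that line
        base = np.tile([0.95, 0.02, 0.98, 0.02], (n, 1))
    return np.clip(base + rng.normal(0, 0.02, (n, 4)), 0, 1)

def run_detection(seed=0):                          # returns (accuracy on DStest, recall on botnet half)
    rng = np.random.default_rng(seed)
    ds_trn, ds_opt = make_flows(rng, 300, False), make_flows(rng, 100, False)
    ds_test = np.vstack([make_flows(rng, 100, False), make_flows(rng, 100, True)])
    labels = np.r_[np.zeros(100), np.ones(100)]
    ae, best = SparseAutoencoder(4, 2), np.inf
    for _ in range(30):                             # DSopt picks the epoch count: stop once MSE plateaus
        ae.fit(ds_trn, 100)
        cur = ae.mse(ds_opt).mean()
        if best - cur < 1e-5: break
        best = cur
    threshold = ae.mse(ds_opt).max()                # assumed rule: largest benign error on DSopt
    flagged = ae.mse(ds_test) > threshold
    return float((flagged == labels).mean()), float(flagged[labels == 1].mean())
```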
  • 15. Cryptojacking detection • Even once the botnet has been detected, the cryptomining activity will still be running in the background on the IoT device, consuming its resources. The proposed cryptomining detection method has several stages, explained briefly below. • Detection based on network traffic: Most mining activity is performed using the Stratum mining protocol. Stratum is a line-based protocol over plain TCP sockets, with the payload encoded as JSON-RPC messages. There is a high probability of mining activity if Stratum packets are observed in the network traffic. The request and reply messages are constructed using JSON-RPC. The network traffic is captured and analyzed to obtain the successive request ids and their reply messages. The full packet payloads are decoded from hexadecimal and listed by timestamp and IP address. The packets are analyzed with a regular expression to detect the Stratum pattern. Once a recognized pattern has been detected, the IP and port information are used to obtain the process id of the malware so that a kill signal (SIGKILL) can be sent to it. • Detection based on resource usage: Another important indicator is anomalous CPU usage over time. If cryptojacking malware is running, the IoT device uses all of its resources to perform complex computations, which results in high CPU or GPU and memory usage. The CPU usage over a certain period of time is recorded so that anomalies in it can be detected.
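As an added example (not the authors' code), this Python detector applies the two stages above to constructed input: a regex pre-filter plus JSON-RPC parse that pairs each Stratum mining.* request id with the reply that echoes it, per client/server flow, and a median/MAD check that flags CPU samples far above a pre-infection baseline. The packet records, addresses, payloads and CPU percentages are constructed samples, and the thresholds (one answered request, robust z-score above 3) are assumptions.

```python
import json
import re
from collections import defaultdict

JSONRPC_LINE = re.compile(r'"(method|result)"\s*:')   # cheap pre-filter for JSON-RPC lines

def classify_flows(packets, min_answered=1):
    """packets: (timestamp, src, dst, payload) with src/dst as "ip:port". Returns flows
    (client, server) where >= min_answered mining.* requests had their id echoed in a reply."""
    evidence = defaultdict(lambda: {"requests": 0, "answered": 0, "notifications": 0})
    pending = set()                                   # (client, server, id) awaiting a reply
    for _ts, src, dst, payload in packets:
        for line in payload.splitlines():             # Stratum is newline-delimited
            if not JSONRPC_LINE.search(line):
                continue
            try:
                msg = json.loads(line)
            except ValueError:
                continue
            if not isinstance(msg, dict):
                continue
            if (msg.get("method") or "").startswith("mining."):
                if msg.get("id") is None:             # server push: mining.notify, set_difficulty
                    evidence[(dst, src)]["notifications"] += 1
                else:
                    evidence[(src, dst)]["requests"] += 1
                    pending.add((src, dst, msg["id"]))
            elif "result" in msg and (dst, src, msg.get("id")) in pending:
                pending.discard((dst, src, msg["id"]))
                evidence[(dst, src)]["answered"] += 1
    return {f: e for f, e in evidence.items() if e["answered"] >= min_answered}

def cpu_outliers(samples, baseline_n=5, factor=3.0):
    """Indices of samples far above the pre-infection baseline (median/MAD robust z-score)."""
    base = sorted(samples[:baseline_n])
    med = base[len(base) // 2]
    mad = sorted(abs(x - med) for x in base)[len(base) // 2] or 1.0
    return [i for i, x in enumerate(samples) if i >= baseline_n and (x - med) / mad > factor]

# Constructed capture: IoT host 192.0.2.10 talking to a pool at 198.51.100.7:3333, plus unrelated HTTP.
PACKETS = [
    (1.0, "192.0.2.10:49152", "198.51.100.7:3333", '{"id": 1, "method": "mining.subscribe", "params": ["cpuminer/2.5.1"]}\n'),
    (1.1, "198.51.100.7:3333", "192.0.2.10:49152", '{"id": 1, "result": [[["mining.notify", "ae68"]], "0800", 4], "error": null}\n'),
    (1.2, "192.0.2.10:49152", "198.51.100.7:3333", '{"id": 2, "method": "mining.authorize", "params": ["worker1", "x"]}\n'),
    (1.3, "198.51.100.7:3333", "192.0.2.10:49152", '{"id": 2, "result": true, "error": null}\n{"id": null, "method": "mining.notify", "params": ["job1"]}\n'),
    (2.0, "192.0.2.11:50000", "203.0.113.9:80", "GET /status HTTP/1.1\r\nHost: example.invalid\r\n"),
]
CPU_SAMPLES = [12, 15, 11, 14, 13, 12, 95, 97, 96, 94]   # constructed % CPU; miner starts at index 6
```

A flow that is reported here is the input to the page's final step, looking up the owning process by its local IP and port; the lookup is host-specific and not shown.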
  • 17. Conclusions • The exponential growth of IoT devices has made it easier to perform many tasks through automation. However, such devices remain rather insecure, which allows them to be compromised and used without authorization. IoT botnets represent one major threat to Internet security and cloud providers. We have demonstrated our proposed method by setting up bots running variants of Mirai and forming an IoT botnet that generates a very large number of requests, causing a flash crowd. The proposed sparse autoencoder and outlier detection method provide an efficient way of detecting and controlling IoT botnets and cryptojacking by forecasting them in advance. The proposed sparse autoencoder system detects an IoT botnet with accuracy, precision and recall of 99.69%, 100% and 99.39%, respectively, and attains an F1 score of 0.99. The outlier detection method attains a misclassification rate of 1.5%, thereby curtailing most of the illegitimate requests. The performance improvement demonstrated on the Amazon cloud platform is a 19% improvement in processing time, 34% optimization of connection time and 18% reduction in waiting time. This study can be further extended by controlling botnet propagation in a network through a tightly coupled decentralized peer-to-peer detection system that efficiently identifies malicious traffic across federated clouds.

Editor's Notes

  1. SCADA is an acronym for supervisory control and data acquisition, a computer system for gathering and analyzing real-time data. SCADA systems are used to monitor and control a plant or equipment in industries such as telecommunications, water and waste control, energy, oil and gas refining and transportation.