Litcius/Paper detail

A comprehensive study of Mozi botnet

Tengfei Tu, Jia‐Wei Qin, Hua Zhang, Miao Chen, Tong Xu, Yue Huang

2022International Journal of Intelligent Systems25 citationsDOI

Abstract

With the trend of digital transformation of enterprises, the use of Internet of Things (IoT) devices is increasing. IoT devices that are not protected by security measures have gradually become targets of attackers. Attackers use weak passwords and software vulnerabilities in the device to invade the device and control it to become a node of the botnet. The Mozi botnet was discovered in December 2019, and its attention has increased day by day, and its influence once exceeded Mirai. After a preliminary reverse analysis of the Mozi samples, we have continued to track the development and changes of the Mozi botnet since February 2021. First, through the in-depth analysis of the communication principles of the Mozi botnet and the distributed sloppy hash table protocol, we have proposed an in-depth analysis of the Mozi botnet. The active detection method of Mozi, through daily and continuous tracking of the number of Mozi nodes, is infinitely close to the boundary of the Mozi network. On the basis of the collected detection data, we give our conclusions on Mozi's node size, global geographic distribution, 24-hour global activity, equipment composition, and Mozi botnet countermeasures. Through this study, we found that the security of IoT devices around the world is not optimistic, and there is an urgent need to increase the security protection of IoT devices. At the same time, we also hope that this study can further promote more research on future botnets.

Topics & Concepts

BotnetComputer scienceComputer securityMalwarePasswordNode (physics)Internet of ThingsThe InternetWorld Wide WebEngineeringStructural engineeringNetwork Security and Intrusion DetectionAdvanced Malware Detection TechniquesInternet Traffic Analysis and Secure E-voting