Implementation of White-Hat Worms Using Mirai Source Code and Its Optimization through Parameter Tuning

Abstract

Read online

Mirai, an IoT malware that emerged in 2016, has been used for large-scale DDoS attacks. The Mirai source code is publicly available and continues to be a threat with a variety of variants still in existence. In this paper, we propose an implementation system for malicious and white-hat worms created using the Mirai source code, as well as a general and detailed implementation method for white-hat worms that is not limited to the Mirai source code. The white-hat worms have the function of a secondary infection, in which the white-hat worm disinfects the malicious worm by infecting devices already infected by the malicious worm, and two parameters, the values of which can be changed to modify the rate at which the white-hat worms can spread their infection. The values of the parameters of the best white-hat worm for disinfection of the malicious botnet and the impact of the value of each parameter on the disinfection of the malicious botnet were analyzed in detail. The analysis revealed that for a white-hat worm to disinfect a malicious botnet, it must be able to infect at least 80% of all devices and maintain that situation for at least 300 s. Then, by tuning and optimizing the values of the white-hat worm’s parameters, we were able to successfully eliminate the malicious botnet, demonstrating the effectiveness of the white-hat botnet’s function of eliminating the malicious botnet.

Keywords

• Mirai
• IoT
• BDS
• botnet defense system
• implementation
• white-hat worm