Log Poisoning Attacks in IoT: Methodologies, Evasion, Detection, Mitigation, and Criticality Analysis

Abstract

Read online

Log poisoning is a cyber-attack where adversaries manipulate systems’ log files to conceal their activities or execute malicious codes. This paper thoroughly examines log poisoning attacks, focusing on demonstrating methodologies applied to prevalent Internet of Things (IoT) platforms, such as the Raspberry Pi. We introduce a novel technique that circumvents the protective mechanisms of Linux-based devices, which truncates the injected malicious code in sensitive log files. Furthermore, a novel persistence technique that allows the attacker to maintain a persistent connection with the Linux-based target device was introduced. Moreover, we propose an evasive technique that enables adversaries to effectively conceal their log poisoning attacks by executing them through encrypted tunnels using a virtual private network (VPN). Through Intrusion Modes and Criticality Analysis (IMECA), we analyze the severity and potential impact of these attacks and propose mitigation strategies to avoid the occurrence of such attacks in order to maintain the confidentiality, integrity, and reliability of IoT ecosystems. To counteract the threat, we design a Python script that detects and mitigates log poisoning attacks, specifically against malicious codes injected into logs, without requiring the log file to be set as executable.

Keywords

• Cyber attacks
• log poisoning
• log injection
• Internet of Things (IoT)
• malicious code