The Mirai botnet has emerged as one of the most persistent and evolving threats targeting Internet of Things devices. Originally designed to orchestrate large-scale Distributed Denial of Service attacks, Mirai compromises devices by exploiting weak credentials and other vulnerabilities. Following the public release of its source code in 2016, numerous variants have proliferated, broadening its attack surface and complicating detection and mitigation efforts. Despite extensive research on Mirai, existing analyses remain fragmented and informal, lacking a structured representation of its attack patterns. This gap hinders the development of precise detection mechanisms and automated response strategies, leaving defenders with ad-hoc solutions rather than systematic countermeasures. In this paper, we present a formalized analysis of Mirai’s tactics, techniques, and procedures using the MITRE ATT&CK framework. Our work introduces a spatio-sequential analysis of Mirai’s attack flow, correlating adversary techniques with impacted assets through D3FEND. Additionally, we propose CACAO playbooks encoding systematic response and recovery actions to counter Mirai infections. To validate our approach, we implement a test environment using Wazuh IDS, demonstrating the effectiveness of our detection rules and automated recovery mechanisms.

错误:搜索内容不能为空,请输入英文关键词
错误:关键词超出字数限制,请精简
高级检索

Dissecting Mirai: Spatio-Sequential Analysis and Restoration Strategies Using MITRE ATT&CK and D3FEND

  • Zoé Lagache,
  • Pierre-Henri Thevenon,
  • Maxime Puys,
  • Oum-El-Kheir Aktouf

摘要

The Mirai botnet has emerged as one of the most persistent and evolving threats targeting Internet of Things devices. Originally designed to orchestrate large-scale Distributed Denial of Service attacks, Mirai compromises devices by exploiting weak credentials and other vulnerabilities. Following the public release of its source code in 2016, numerous variants have proliferated, broadening its attack surface and complicating detection and mitigation efforts. Despite extensive research on Mirai, existing analyses remain fragmented and informal, lacking a structured representation of its attack patterns. This gap hinders the development of precise detection mechanisms and automated response strategies, leaving defenders with ad-hoc solutions rather than systematic countermeasures. In this paper, we present a formalized analysis of Mirai’s tactics, techniques, and procedures using the MITRE ATT&CK framework. Our work introduces a spatio-sequential analysis of Mirai’s attack flow, correlating adversary techniques with impacted assets through D3FEND. Additionally, we propose CACAO playbooks encoding systematic response and recovery actions to counter Mirai infections. To validate our approach, we implement a test environment using Wazuh IDS, demonstrating the effectiveness of our detection rules and automated recovery mechanisms.