A threat modeling framework for IoT-Based botnet attacks.

Internet of Things (IoT) devices are much closer to users than personal computers used in traditional computing environments. Due to prevalence of IoT devices, even if they are compromised and used in attacks, it is difficult to detect and respond to them. Currently, there has been extensive research on threat modeling for cyberattacks. However, there remains a significant gap in research concerning threat modeling for attacks specially targeting IoT devices within the fifth-generation communication environment. In this paper, we present IoT Targeting-Threat Modeling(I3TM) framework established by analyzing botnets that are appeared before 2021 such as Mirai, Pink etc. Through this framework, we identify tactics and techniques to respond to the attacks. Using the identified tactics and techniques from our proposed framework, we can promptly respond to the newly detected attacks. We constructed a Threat Modeling Framework Keyword-Based Metrics to show extracted keywords from reports, academic papers, and white paper that identifies the features of botnet. We also provide an objective way to apply those keywords to the framework. Our framework is organized to analyze the attack process of botnets that may occur against IoT. The framework derives execution for each tactic for objective analysis based on keywords. In the validation for the framework, I3TM identified eight Tactics from Medusa botnet. If the application of the I3TM framework is continuously accumulated, a baseline of similar attack methods and data will be formed. In future research, we are planning to append mitigations for the attacks targeting IoT to the I3TM framework.