Table of Contents Author Guidelines Submit a Manuscript
Security and Communication Networks
Volume 2018, Article ID 7178164, 30 pages
Review Article

DDoS-Capable IoT Malwares: Comparative Analysis and Mirai Investigation

1DTU Compute, Technical University of Denmark, Kongens Lyngby, Denmark
2Centre for Applied Autonomous Sensor Systems (AASS), Örebro University, Örebro, Sweden
3Computer Science Department, Sapienza University of Rome, Rome, Italy

Correspondence should be addressed to Nicola Dragoni; kd.utd@ardn

Received 21 July 2017; Accepted 22 November 2017; Published 18 February 2018

Academic Editor: Michele Bugliesi

Copyright © 2018 Michele De Donno et al. This is an open access article distributed under the Creative Commons Attribution License, which permits unrestricted use, distribution, and reproduction in any medium, provided the original work is properly cited.


The Internet of Things (IoT) revolution has not only carried the astonishing promise to interconnect a whole generation of traditionally “dumb” devices, but also brought to the Internet the menace of billions of badly protected and easily hackable objects. Not surprisingly, this sudden flooding of fresh and insecure devices fueled older threats, such as Distributed Denial of Service (DDoS) attacks. In this paper, we first propose an updated and comprehensive taxonomy of DDoS attacks, together with a number of examples on how this classification maps to real-world attacks. Then, we outline the current situation of DDoS-enabled malwares in IoT networks, highlighting how recent data support our concerns about the growing in popularity of these malwares. Finally, we give a detailed analysis of the general framework and the operating principles of Mirai, the most disruptive DDoS-capable IoT malware seen so far.