: 32-44
Received: December 01, 2021
Lviv Polytechnic National University
Lviv Polytechnik National University

This paper has been devoted to the development of session analysis systems with IoT devices for protection against botnets and as a consequence of the protection of Internet of Things devices from the intrusion of malicious bot networks. To implement it, our own botnet based on the SSH protocol has been developed. To ensure high reliability and decentralization, the botnet manages through a separate database server, which
contains information about the status of bots, as well as general information about each of them. The proposed system of session analysis is implemented on the principle of Honeynet networks, but is essentially hybrid, as it uses a model of stand-alone agents, a model of network monitoring, and a model of intrusion detection based on behavior. The command server can steal files from an infected bot, perform any operations on behalf of the administrator, and affect smart devices. A smartwatch using Bluetooth LE was used for the study. As a result, we have created our own botnet protection system, which allows us to analyze the host and identify the main signs of the presence of this host in the bot network. This allows you to react quickly and start counteracting such an infection. The system allows you to obtain data on established active SSH connections, commands that are launched remotely on this host, as well as automatically block established connections and prevent the intrusion of new ones. As a result of testing the proposed system, an attack was made on the IoT device and an attacker was blocked, which confirms the effectiveness of its development.

[1] Botnets and their types // EC-Council. URL:
[2] Sochor T., Zuzcak M. (2014), Study of Internet Threats and Attack Methods Using Honeypots and Honeynets. In: Kwiecień A., Gaj P., Stera P. (eds) Computer Networks. CN 2014. Communications in Computer and Information Science, Vol. 431. Springer, Cham. URL:
[3] Livadas C., Walsh R., Lapsley D., and Strayer W. (2006) “Using machine learning techniques to identify botnet traffic”, in Proceedings of the 2nd IEEE LCN Workshop on Network Security (WoNS’2006).
[4] Binkley J. and Singh S. (2006), “An algorithm for anomaly-based botnet detection, in Proceedings of USENIX SRUTI’06.
[5] Kang B. B. H. (2011), DNS-Based Botnet Detection. In: van Tilborg H. C. A., Jajodia S. (eds) Encyclopedia of Cryptography and Security. Springer, Boston, MA. URL:
[6] Cafuta D., Sruk V., Dodig I. (2018),“Fast-Flux Botnet Detection Based on Traffic Response and Search Engines Credit Worthiness”, Technical Gazette, 25, 2(2018), pp. 390–40.
[7] Xingguo Li, JunfengWang, Xiaosong Zhang (2017), “Botnet Detection Technology Based on DNS”, Future Internet, 9, 55. DOI:10.3390/fi9040055.
[8] Karawash A. (2015), Data protection and Brute Force attack, ResearchGate.
[9] The Attribute Protocol (ATT) // Dialog Semiconductor. URL:
[10] Lee D. (2016), Recursive DNS: What It Is And Why You Should Care, Neystar. URL:
[11] Water Torture: A Slow Drip DNS DDoS Attack (2014), Secure64 Software Corporation. URL:
[12] 1Modeling and Evaluating the Resilience of Peer-to-Peer Botnets (2013) / [C. Rossow, D. Andriesse, T. Werner та ін.], IEEE.