{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,2,1]],"date-time":"2026-02-01T04:17:27Z","timestamp":1769919447143,"version":"3.49.0"},"reference-count":53,"publisher":"Association for Computing Machinery (ACM)","issue":"4","license":[{"start":{"date-parts":[[2020,10,12]],"date-time":"2020-10-12T00:00:00Z","timestamp":1602460800000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"funder":[{"name":"National Science Foundation - Office of Advanced Cyberinfrastructure","award":["#1907821"],"award-info":[{"award-number":["#1907821"]}]}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":["ACM Trans. Manage. Inf. Syst."],"published-print":{"date-parts":[[2020,12,31]]},"abstract":"<jats:p>The number of Internet-of-Things (IoT) devices actively communicating across the Internet is continually increasing, as these devices are deployed across a variety of sectors, constantly transferring private data across the Internet. Due to the extensive deployment of such devices, the continuous discovery and persistence of IoT-centric vulnerabilities in protocols, applications, hardware, and the improper management of such IoT devices has resulted in the rampant, uncontrolled spread of malware threatening consumer IoT devices.<\/jats:p>\n          <jats:p>To this end, this work adopts a novel, macroscopic methodology for fingerprinting Internet-scale compromised IoT devices, revealing crucial cyber threat intelligence on the insecurity of consumer IoT devices. By developing data-driven techniques rooted in machine learning methods and analyzing 3.6 TB of network traffic data, we discover 855,916 compromised IP addresses, with 310,164 fingerprinted as IoT. Further analysis reveals China and Brazil to be hosting the most significant population of compromised IoT devices (100,000 and 55,000, respectively). Additionally, we provide a longitudinal analysis on data from one year ago against this work, revealing the evolving trends of IoT exploitation, such as the increased number of vendors targeted by malware, rising from 50 to 131. Moreover, countries such as China (420% increased infected IoT count) and Indonesia (177% increased infected IoT count) have seen notably high increases in infection rates. Last, we compare our geographic results against Global Cybersecurity Index (GCI) ratings, verifying that countries with high GCI ratings, such as the Netherlands and Germany, had relatively low infection rates. However, upon further inspection, we find that the GCI rate does not accurately represent the consumer IoT market, with countries such as China and Russia being rated with \u201chigh\u201d CGI scores, yet hosting a large population of infected consumer IoT devices.<\/jats:p>","DOI":"10.1145\/3394504","type":"journal-article","created":{"date-parts":[[2020,8,15]],"date-time":"2020-08-15T13:20:03Z","timestamp":1597497603000},"page":"1-24","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":23,"title":["Internet-scale Insecurity of Consumer Internet of Things"],"prefix":"10.1145","volume":"11","author":[{"given":"Antonio","family":"Mangino","sequence":"first","affiliation":[{"name":"The Cyber Center for Security and Analytics, UT at San Antonio (UTSA)"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Morteza Safaei","family":"Pour","sequence":"additional","affiliation":[{"name":"The Cyber Center for Security and Analytics, UT at San Antonio (UTSA)"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Elias","family":"Bou-Harb","sequence":"additional","affiliation":[{"name":"The Cyber Center for Security and Analytics, UT at San Antonio (UTSA)"}],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"320","published-online":{"date-parts":[[2020,10,12]]},"reference":[{"key":"e_1_2_1_1_1","doi-asserted-by":"publisher","DOI":"10.3390\/s18030817"},{"key":"e_1_2_1_2_1","volume-title":"Proceedings of the 26th USENIX Security Symposium (USENIX Security\u201917)","author":"Antonakakis Manos","year":"2017"},{"key":"e_1_2_1_3_1","volume-title":"Botnets and internet of things security. Computer","author":"Bertino Elisa","year":"2017"},{"key":"e_1_2_1_4_1","doi-asserted-by":"publisher","DOI":"10.1109\/NTMS.2016.7792424"},{"key":"e_1_2_1_5_1","doi-asserted-by":"publisher","DOI":"10.1109\/ICC.2016.7510881"},{"key":"e_1_2_1_6_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.comnet.2015.11.004"},{"key":"e_1_2_1_7_1","doi-asserted-by":"publisher","DOI":"10.1109\/ICC.2014.6883391"},{"key":"e_1_2_1_8_1","doi-asserted-by":"publisher","DOI":"10.1023\/A:1010933404324"},{"key":"e_1_2_1_9_1","doi-asserted-by":"publisher","DOI":"10.1109\/EISIC.2016.044"},{"key":"e_1_2_1_10_1","unstructured":"CAIDA. 2018. UCSD Network Telescope\u2014Near-Real-Time Network Telescope Dataset. Retrieved from http:\/\/www.caida.org\/data\/passive\/telescope-near-real-time_dataset.xml.  CAIDA. 2018. UCSD Network Telescope\u2014Near-Real-Time Network Telescope Dataset. Retrieved from http:\/\/www.caida.org\/data\/passive\/telescope-near-real-time_dataset.xml."},{"key":"e_1_2_1_11_1","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2019.23438"},{"key":"e_1_2_1_12_1","doi-asserted-by":"publisher","DOI":"10.1007\/BF00994018"},{"key":"e_1_2_1_13_1","volume-title":"Proceedings of the 22nd ACM SIGSAC Conference on Computer and Communications Security. ACM, 542--553","author":"Durumeric Zakir"},{"key":"e_1_2_1_14_1","volume-title":"Proceedings of the USENIX Security Symposium","volume":"8","author":"Durumeric Zakir"},{"key":"e_1_2_1_15_1","doi-asserted-by":"publisher","DOI":"10.1109\/ACCESS.2019.2954884"},{"key":"e_1_2_1_16_1","volume-title":"Hajime: Analysis of a decentralized internet worm for IoT devices. Rapid. Netw. 16","author":"Edwards Sam","year":"2016"},{"key":"e_1_2_1_17_1","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2017.23149"},{"key":"e_1_2_1_18_1","doi-asserted-by":"publisher","DOI":"10.1109\/COMST.2015.2497690"},{"key":"e_1_2_1_19_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2016.44"},{"key":"e_1_2_1_20_1","first-page":"1","article-title":"Security evaluation of the Z-Wave wireless protocol","volume":"24","author":"Fouladi Behrang","year":"2013","journal-title":"Black Hat USA"},{"key":"e_1_2_1_21_1","doi-asserted-by":"publisher","DOI":"10.23919\/MIPRO.2017.7973622"},{"key":"e_1_2_1_22_1","doi-asserted-by":"publisher","DOI":"10.1145\/3229565.3229572"},{"key":"e_1_2_1_23_1","doi-asserted-by":"publisher","DOI":"10.1145\/2897845.2897886"},{"key":"e_1_2_1_24_1","doi-asserted-by":"publisher","DOI":"10.1109\/COMST.2018.2871866"},{"key":"e_1_2_1_25_1","doi-asserted-by":"publisher","DOI":"10.1145\/3230833.3230837"},{"key":"e_1_2_1_26_1","unstructured":"IANA. 2020. Retrieved from https:\/\/www.iana.org\/.  IANA. 2020. Retrieved from https:\/\/www.iana.org\/."},{"key":"e_1_2_1_27_1","doi-asserted-by":"publisher","DOI":"10.1109\/MC.2017.201"},{"key":"e_1_2_1_28_1","volume-title":"Proceedings of the 28th USENIX Security Symposium (USENIX Security\u201919)","author":"Kumar Deepak","year":"2019"},{"key":"e_1_2_1_29_1","doi-asserted-by":"publisher","DOI":"10.3390\/info7030044"},{"key":"e_1_2_1_30_1","unstructured":"MaxMind. 2019. Retrieved from https:\/\/dev.maxmind.com\/geoip\/geoip2\/geolite2\/.  MaxMind. 2019. Retrieved from https:\/\/dev.maxmind.com\/geoip\/geoip2\/geolite2\/."},{"key":"e_1_2_1_31_1","doi-asserted-by":"publisher","DOI":"10.1145\/3019612.3019878"},{"key":"e_1_2_1_32_1","volume-title":"Proceedings of the IEEE 37th International Conference on Distributed Computing Systems (ICDCS\u201917)","author":"Miettinen Markus","year":"2017"},{"key":"e_1_2_1_33_1","volume-title":"Proceedings of the IEEE 21st International Conference on High Performance Computing and Communications","author":"Moradi Hamidreza"},{"key":"e_1_2_1_34_1","doi-asserted-by":"publisher","DOI":"10.1109\/IOTM.2018.1700021"},{"key":"e_1_2_1_35_1","doi-asserted-by":"publisher","DOI":"10.1109\/ICC.2018.8422720"},{"key":"e_1_2_1_36_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.comcom.2019.08.014"},{"key":"e_1_2_1_37_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.diin.2019.01.014"},{"key":"e_1_2_1_38_1","doi-asserted-by":"crossref","unstructured":"Morteza Safaei Pour Antonio Mangino Kurt Friday Matthias Rathbun Elias Bou-Harb Farkhund Iqbal Sagar Samtani Jorge Crichigno and Nasir Ghani. 2019. On data-driven curation learning and analysis for inferring evolving Internet-of-Things (IoT) botnets in the wild. Comput. Secur. (2019) 101707.  Morteza Safaei Pour Antonio Mangino Kurt Friday Matthias Rathbun Elias Bou-Harb Farkhund Iqbal Sagar Samtani Jorge Crichigno and Nasir Ghani. 2019. On data-driven curation learning and analysis for inferring evolving Internet-of-Things (IoT) botnets in the wild. Comput. Secur. (2019) 101707.","DOI":"10.1016\/j.cose.2019.101707"},{"key":"e_1_2_1_39_1","doi-asserted-by":"publisher","DOI":"10.1145\/3339252.3339272"},{"key":"e_1_2_1_40_1","volume-title":"A new CPA resistant software implementation for symmetric ciphers with smoothed power consumption: SIMON case study. ISeCure 9, 2","author":"Pour Morteza Safaei","year":"2017"},{"key":"e_1_2_1_41_1","doi-asserted-by":"publisher","DOI":"10.1145\/3355369.3355595"},{"key":"e_1_2_1_42_1","doi-asserted-by":"publisher","DOI":"10.1109\/EuroSP.2016.13"},{"key":"e_1_2_1_43_1","doi-asserted-by":"publisher","DOI":"10.1145\/2744769.2747942"},{"key":"e_1_2_1_44_1","doi-asserted-by":"publisher","DOI":"10.1109\/MCOM.2018.1700685"},{"key":"e_1_2_1_45_1","unstructured":"Shodan. 2019. The search engine for Internet of things. Retrieved from http:\/\/shodan.io.  Shodan. 2019. The search engine for Internet of things. Retrieved from http:\/\/shodan.io."},{"key":"e_1_2_1_46_1","doi-asserted-by":"publisher","DOI":"10.1109\/JIOT.2017.2707489"},{"key":"e_1_2_1_47_1","unstructured":"Censys Team. 2017. Internet-wide scan data repository. Retrieved on 2019 from https:\/\/censys.io\/.  Censys Team. 2017. Internet-wide scan data repository. Retrieved on 2019 from https:\/\/censys.io\/."},{"key":"e_1_2_1_48_1","doi-asserted-by":"publisher","DOI":"10.1109\/DSN.2018.00064"},{"key":"e_1_2_1_49_1","unstructured":"International Telecommunication Union. 2018. Retrieved from https:\/\/www.itu.int\/en\/ITU-T\/.  International Telecommunication Union. 2018. Retrieved from https:\/\/www.itu.int\/en\/ITU-T\/."},{"key":"e_1_2_1_50_1","volume-title":"Proceedings of the Workshop on Home Usable Privacy and Security (HUPS\u201914)","author":"Ur Blase","year":"2013"},{"key":"e_1_2_1_51_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.enpol.2016.12.047"},{"key":"e_1_2_1_52_1","doi-asserted-by":"publisher","DOI":"10.1109\/ASPDAC.2016.7428064"},{"key":"e_1_2_1_53_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.comnet.2018.11.013"}],"container-title":["ACM Transactions on Management Information Systems"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3394504","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3394504","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,17]],"date-time":"2025-06-17T21:31:30Z","timestamp":1750195890000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3394504"}},"subtitle":["An Empirical Measurements Perspective"],"short-title":[],"issued":{"date-parts":[[2020,10,12]]},"references-count":53,"journal-issue":{"issue":"4","published-print":{"date-parts":[[2020,12,31]]}},"alternative-id":["10.1145\/3394504"],"URL":"https:\/\/doi.org\/10.1145\/3394504","relation":{},"ISSN":["2158-656X","2158-6578"],"issn-type":[{"value":"2158-656X","type":"print"},{"value":"2158-6578","type":"electronic"}],"subject":[],"published":{"date-parts":[[2020,10,12]]},"assertion":[{"value":"2019-11-01","order":0,"name":"received","label":"Received","group":{"name":"publication_history","label":"Publication History"}},{"value":"2020-04-01","order":1,"name":"accepted","label":"Accepted","group":{"name":"publication_history","label":"Publication History"}},{"value":"2020-10-12","order":2,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}