{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,10,12]],"date-time":"2025-10-12T03:33:12Z","timestamp":1760239992471,"version":"build-2065373602"},"reference-count":33,"publisher":"MDPI AG","issue":"1","license":[{"start":{"date-parts":[[2019,2,18]],"date-time":"2019-02-18T00:00:00Z","timestamp":1550448000000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0\/"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["Informatics"],"abstract":"<jats:p>The growth of the Internet of Things (IoT), and demand for low-cost, easy-to-deploy devices, has led to the production of swathes of insecure Internet-connected devices. Many can be exploited and leveraged to perform large-scale attacks on the Internet, such as those seen by the Mirai botnet. This paper presents a cross-sectional study of how users value and perceive security and privacy in smart devices found within the IoT. It analyzes user requirements from IoT devices, and the importance placed upon security and privacy. An experimental setup was used to assess user ability to detect threats, in the context of technical knowledge and experience. It clearly demonstrated that without any clear signs when an IoT device was infected, it was very difficult for consumers to detect and be situationally aware of threats exploiting home networks. It also demonstrated that without adequate presentation of data to users, there is no clear correlation between level of technical knowledge and ability to detect infected devices.<\/jats:p>","DOI":"10.3390\/informatics6010008","type":"journal-article","created":{"date-parts":[[2019,2,19]],"date-time":"2019-02-19T04:08:20Z","timestamp":1550549300000},"page":"8","update-policy":"https:\/\/doi.org\/10.3390\/mdpi_crossmark_policy","source":"Crossref","is-referenced-by-count":22,"title":["Evaluating Awareness and Perception of Botnet Activity within Consumer Internet-of-Things (IoT) Networks"],"prefix":"10.3390","volume":"6","author":[{"given":"Christopher D.","family":"McDermott","sequence":"first","affiliation":[{"name":"School of Computing Science and Digital Media, Robert Gordon University, Aberdeen AB10 7GJ, UK"}]},{"given":"John P.","family":"Isaacs","sequence":"additional","affiliation":[{"name":"School of Computing Science and Digital Media, Robert Gordon University, Aberdeen AB10 7GJ, UK"}]},{"given":"Andrei V.","family":"Petrovski","sequence":"additional","affiliation":[{"name":"School of Computing Science and Digital Media, Robert Gordon University, Aberdeen AB10 7GJ, UK"}]}],"member":"1968","published-online":{"date-parts":[[2019,2,18]]},"reference":[{"key":"ref_1","doi-asserted-by":"crossref","unstructured":"Aazam, M., St-Hilaire, M., Lung, C.H., Lambadaris, I., and Huh, E.N. (2018). IoT Resource Estimation Challenges and Modeling in Fog, Springer International Publishing.","DOI":"10.1007\/978-3-319-57639-8_2"},{"key":"ref_2","doi-asserted-by":"crossref","first-page":"2787","DOI":"10.1016\/j.comnet.2010.05.010","article-title":"The Internet of Things: A survey","volume":"54","author":"Atzori","year":"2010","journal-title":"Comput. Netw."},{"key":"ref_3","doi-asserted-by":"crossref","first-page":"586","DOI":"10.1109\/TETC.2016.2606384","article-title":"A Comprehensive Study of Security of Internet-of-Things","volume":"5","author":"Mosenia","year":"2017","journal-title":"IEEE Trans. Emerg. Top. Comput."},{"key":"ref_4","doi-asserted-by":"crossref","first-page":"45","DOI":"10.5121\/ijcnc.2017.9404","article-title":"Investigation of Computational Intelligence Techniques for Intrusion Detection in Wireless Sensor Networks","volume":"9","author":"McDermott","year":"2017","journal-title":"Int. J. Comput. Netw. Commun. (IJCNC)"},{"key":"ref_5","unstructured":"(2018, November 28). Shodan. Available online: https:\/\/www.shodan.io\/."},{"key":"ref_6","unstructured":"Moganedi, S., and Mtsweni, J. (June, January 30). Beyond the convenience of the internet of things: Security and privacy concerns. Proceedings of the IST-Africa Week Conference (IST-Africa), Windhoek, Namibia."},{"key":"ref_7","doi-asserted-by":"crossref","first-page":"165","DOI":"10.1016\/j.cose.2013.12.003","article-title":"Determining employee awareness using the Human Aspects of Information Security Questionnaire (HAIS-Q)","volume":"42","author":"Parsons","year":"2014","journal-title":"Comput. Secur."},{"key":"ref_8","doi-asserted-by":"crossref","first-page":"40","DOI":"10.1016\/j.cose.2017.01.004","article-title":"The Human Aspects of Information Security Questionnaire (HAIS-Q): Two further validation studies","volume":"66","author":"Parsons","year":"2017","journal-title":"Comput. Secur."},{"key":"ref_9","doi-asserted-by":"crossref","first-page":"83","DOI":"10.1016\/j.cose.2015.10.002","article-title":"Analysis of personal information security behavior and awareness","volume":"56","author":"Chouseinoglou","year":"2016","journal-title":"Comput. Secur."},{"key":"ref_10","unstructured":"Tryfonas, T. (2017). Exploring Consumers\u2019 Attitudes of Smart TV Related Privacy Risks. Human Aspects of Information Security, Privacy and Trust, Springer International Publishing."},{"key":"ref_11","doi-asserted-by":"crossref","unstructured":"Takemura, T. (2011, January 19\u201322). Empirical Analysis of Behavior on Information Security. Proceedings of the International Conference on Internet of Things and 4th International Conference on Cyber, Physical and Social Computing, Dalian, China.","DOI":"10.1109\/iThings\/CPSCom.2011.8"},{"key":"ref_12","doi-asserted-by":"crossref","unstructured":"San-Jos\u00e9, P.P., and de la Fuente Rodriguez, S. (2011, January 10). Study on Information Security and e-Trust in Spanish Households. Proceedings of the First Workshop on Building Analysis Datasets and Gathering Experience Returns for Security, Salzburg, Austria.","DOI":"10.1145\/1978672.1978673"},{"key":"ref_13","unstructured":"Parsons, K., McCormac, A., Pattison, M., Butavicius, M., and Jerram, C. (2013, January 8\u201310). An Analysis of Information Security Vulnerabilities at Three Australian Government Organisations. Proceedings of the European Information Security Multi-Conference, Lisbon, Portugal."},{"key":"ref_14","doi-asserted-by":"crossref","unstructured":"Zaaba, Z.F., Furnell, S.M., and Dowland, P.S. (2014, January 17\u201318). A study on improving security warnings. Proceedings of the 5th International Conference on Information and Communication Technology for the Muslim World (ICT4M), Kuching, Malaysia.","DOI":"10.1109\/ICT4M.2014.7020633"},{"key":"ref_15","doi-asserted-by":"crossref","first-page":"624","DOI":"10.1016\/j.procs.2017.12.198","article-title":"Usable Security: Revealing End-Users Comprehensions on Security Warnings","volume":"124","author":"Amran","year":"2017","journal-title":"Procedia Comput. Sci."},{"key":"ref_16","doi-asserted-by":"crossref","unstructured":"Shepherd, L.A., Archibald, J., and Ferguson, R.I. (2017). Assessing the Impact of Affective Feedback on End-User Security Awareness. Human Aspects of Information Security, Privacy and Trust, Springer International Publishing.","DOI":"10.1007\/978-3-319-58460-7_10"},{"key":"ref_17","doi-asserted-by":"crossref","first-page":"151","DOI":"10.1016\/j.chb.2016.11.065","article-title":"Individual differences and Information Security Awareness","volume":"69","author":"McCormac","year":"2017","journal-title":"Comput. Hum. Behav."},{"key":"ref_18","doi-asserted-by":"crossref","unstructured":"Legg, P.A. (2016, January 13\u201314). Enhancing cyber situation awareness for Non-Expert Users using visual analytics. Proceedings of the International Conference on Cyber Situational Awareness, Data Analytics and Assessment (CyberSA), London, UK.","DOI":"10.1109\/CyberSA.2016.7503278"},{"key":"ref_19","doi-asserted-by":"crossref","unstructured":"Zimmermann, V., and Gerber, N. (2017). \u201cIf it Wasn\u2019t Secure, They Would Not Use It in the Movies\u201d\u2014Security Perceptions and User Acceptance of Authentication Technologies. Human Aspects of Information Security, Privacy and Trust, Springer International Publishing.","DOI":"10.1007\/978-3-319-58460-7_18"},{"key":"ref_20","unstructured":"Verisign (2017). Verisign Distributed Denial of Service Trends Report. Comput. Netw., 4, 3\u20136."},{"key":"ref_21","doi-asserted-by":"crossref","first-page":"80","DOI":"10.1109\/MC.2017.201","article-title":"DDoS in the IoT: Mirai and Other Botnets","volume":"50","author":"Kolias","year":"2017","journal-title":"Computer"},{"key":"ref_22","doi-asserted-by":"crossref","unstructured":"McDermott, C.D., Majdani, F., and Petrovski, A.V. (2018, January 8\u201313). Botnet Detection in the Internet of Things using Deep Learning Approaches. Proceedings of the International Joint Conference on Neural Networks (IJCNN), Rio de Janeiro, Brazil.","DOI":"10.1109\/IJCNN.2018.8489489"},{"key":"ref_23","doi-asserted-by":"crossref","unstructured":"Jerkins, J.A. (2017, January 9\u201311). Motivating a market or regulatory solution to IoT insecurity with the Mirai botnet code. Proceedings of the IEEE 7th Annual Computing and Communication Workshop and Conference (CCWC), Las Vegas, NV, USA.","DOI":"10.1109\/CCWC.2017.7868464"},{"key":"ref_24","doi-asserted-by":"crossref","unstructured":"Sinanovi\u0107, H., and Mrdovic, S. (2017, January 21\u201323). Analysis of Mirai malicious software. Proceedings of the 25th International Conference on Software, Telecommunications and Computer Networks (SoftCOM), Split, Croatia.","DOI":"10.23919\/SOFTCOM.2017.8115504"},{"key":"ref_25","unstructured":"Krebs, B. (2018, November 28). KrebsOnSecurity Hit with Record DDoS. Available online: https:\/\/tinyurl.com\/jfkk7yp."},{"key":"ref_26","unstructured":"Cooley, L. (2018, November 28). The Evolution of Mirai Botnet Source Code Presents Increased Risk of Large-Scale DDoS Attacks. Available online: http:\/\/www.mondaq.com\/unitedstates\/x\/732962\/."},{"key":"ref_27","unstructured":"Pierluigi Paganini (2018, November 28). Mirai Botnet Evolution Since Its Source Code Is Available Online. Available online: https:\/\/resources.infosecinstitute.com."},{"key":"ref_28","doi-asserted-by":"crossref","first-page":"285","DOI":"10.1002\/ejsp.2049","article-title":"Is the privacy paradox a relic of the past? An in-depth analysis of privacy attitudes and privacy behaviors","volume":"45","author":"Dienlin","year":"2015","journal-title":"Eur. J. Soc. Psychol."},{"key":"ref_29","doi-asserted-by":"crossref","first-page":"1038","DOI":"10.1016\/j.tele.2017.04.013","article-title":"The Privacy Paradox\u2014Investigating Discrepancies between Expressed Privacy Concerns and Actual Online Behavior\u2014A Systematic Literature Review","volume":"34","author":"Barth","year":"2017","journal-title":"Telemat. Inform."},{"key":"ref_30","doi-asserted-by":"crossref","unstructured":"Potzsch, S. (2009). Privacy Awareness: A Means to Solve the Privacy Paradox?. The Future of Identity in the Information Society, Springer.","DOI":"10.1007\/978-3-642-03315-5_17"},{"key":"ref_31","doi-asserted-by":"crossref","unstructured":"Onwubiko, C., and Owens, T. (2012). Review of Situational Awareness for Computer Network Defense. Situational Awareness in Computer Network Defense: Principles, Methods and Applications, IGI Global.","DOI":"10.4018\/978-1-4666-0104-8"},{"key":"ref_32","doi-asserted-by":"crossref","unstructured":"Onwubiko, C., and Owens, T. (2009, January 8\u201311). Functional Requirements of Situational Awareness in Computer Network Security. Proceedings of the IEEE International Conference on Intelligence and Security Informatics, Dallas, TX, USA.","DOI":"10.1109\/ISI.2009.5137305"},{"key":"ref_33","doi-asserted-by":"crossref","unstructured":"Legg, P.A. (2015, January 25). Visualizing the insider threat: Challenges and tools for identifying malicious user activity. Proceedings of the IEEE Symposium on Visualization for Cyber Security (VizSec), Chicago, IL, USA.","DOI":"10.1109\/VIZSEC.2015.7312772"}],"container-title":["Informatics"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/www.mdpi.com\/2227-9709\/6\/1\/8\/pdf","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,10,11]],"date-time":"2025-10-11T12:32:51Z","timestamp":1760185971000},"score":1,"resource":{"primary":{"URL":"https:\/\/www.mdpi.com\/2227-9709\/6\/1\/8"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2019,2,18]]},"references-count":33,"journal-issue":{"issue":"1","published-online":{"date-parts":[[2019,3]]}},"alternative-id":["informatics6010008"],"URL":"https:\/\/doi.org\/10.3390\/informatics6010008","relation":{},"ISSN":["2227-9709"],"issn-type":[{"type":"electronic","value":"2227-9709"}],"subject":[],"published":{"date-parts":[[2019,2,18]]}}}