Asee peer logo

Capability Analysis of Internet of Things (IoT) Devices in Botnets and Implications for Cyber Security Risk Assessment Processes

Download Paper |


2018 ASEE Annual Conference & Exposition


Salt Lake City, Utah

Publication Date

June 23, 2018

Start Date

June 23, 2018

End Date

July 27, 2018

Conference Session

Topics in Computing and Information Technology-I

Tagged Division

Computing and Information Technology

Page Count




Permanent URL

Download Count


Request a correction

Paper Authors


Andrew R. Schmitt Metropolitan State University

visit author page

Andrew Schmitt is an information security professional with a passion for networking. Starting his career in application and end-user support, his passion for network and security technologies was quickly realized. Currently, Schmitt is a cybersecurity professional with a focus on network security and network threat prevention. Additionally, he is a community faculty member at Metropolitan State University where he teaches cybersecurity courses. His favorite part of being an information security professional is the rapidly changing environment and the challenge of keeping enterprises protected.

visit author page


Theresa Chasar Newell Brands

visit author page

Theresa Chasar is an Information Security Operations Director who works with Newell Brands to protect the company’s critical assets and continuously monitor and improve its security defenses. Theresa applies her depth of experience in security engineering and technical architecture to business initiatives, ensuring the alignment of innovation and security. She believes that a balance between business operations and security operations is achievable when teams collaborate on a shared vision.

Theresa holds a Master’s degree in Security Technologies from the University of Minnesota.

visit author page


Mangaya Sivagnanam Ingersoll Rand

visit author page

Mangaya Sivagnanam is a principal cybersecurity systems architect with 17 years of experience in software applications design, analysis, development, testing and deployment of web/enterprise based on client/server applications and commercial industrial control systems. She is responsible for the framework and application design and development of web-based and embedded software for control systems. Mangaya has expertise and experience in innovation, security architecture for the web application, industrial control systems, internet of things, mobile, cloud computing, big data security, smart connected buildings and smart cities. She has extensive experience with heterogeneous system’s software design (Secure SDLC), threat modeling, security and risk analysis, penetration testing. She is also responsible for coordinating and managing the incident response process for the advanced building automation systems and solutions. She received an MS degree in Security Technologies | Cybersecurity in Technology Leadership Institute University of Minnesota.

visit author page


Faisal Kaleem Metropolitan State University Orcid 16x16

visit author page

Dr. Faisal Kaleem received his Ph.D. in Electrical Engineering from Florida International University (FIU), Miami, FL. Since 1998 he has served as an educator in different academic institutions. Currently, he is serving as an Associate Professor in the Department of Information and Computer Sciences at Metropolitan State University, and a Senior Fellow at the Leadership Institute (TLI) at the University of Minnesota. Dr. Kaleem is an experienced lifelong cybersecurity practitioner. His research interests include multiple aspects of cybersecurity including Smart Grid Security, Computer, and Network Security but more specifically in the area of mobile device security, mobile malware analysis, and attribution, and mobile forensics. In the past few years, Dr. Kaleem has developed and taught several courses (Ethical Hacking, Digital Forensics Engineering, Mobile Device Forensics, Malware Reverse Engineering, etc.) in the area of cybersecurity.

Dr. Kaleem has extensive experience managing federally funded cybersecurity programs, including programs funded by the National Science Foundation (NSF) to conduct research using Smart Glasses applications to identify the unique skillsets of cybersecurity analysts, learning gaps, and augmented reality learning solutions. In addition, he recently received NSA grants to provide cybersecurity training to veterans and other underrepresented communities. He also developed modules on Mobile Forensics with grant support from Intel Corporation. With the help of Minnesota IT Center of excellence, Dr. Kaleem has established MnCyber—a statewide institute for Cybersecurity and forensics research and education. He is currently serving as the executive director of MnCyber. He is also the co-founder and executive member of Minnesota Cyber Career Consortium (MNC3) whose mission is to address Minnesota’s cybersecurity workforce needs and to help assist Minnesota businesses in handling cyber risks.

Dr. Kaleem has established a solid track record in teaching and has received numerous awards including the best professor and the best course awards (cybersecurity) from various graduating cohorts. Dr. Kaleem is an advisory board member to various organizations as well as the faculty advisor for the Cybersecurity and Forensics Students Organization. He also leads the Collegiate Cyber Defense Competition (CCDC) at Metropolitan State University. During his free time, he also provides various Internet Safety workshop for parents and children. Dr. Kaleem served as the program committee member for NICE 2016 conference as well as the Academic co-chair of the NICE 2017 conference that was held in Dayton, OH. He continually appears on various local news channels discussing various issues in the area of cybersecurity and currently holds various industry certifications such as CISSP, CEH, Security+, MCT, CCLO, and CCPA.

visit author page

Download Paper |


Internet of Things based botnet attacks are increasing. In September 2016, "Krebs on Security," which focuses on security news and investigation, was taken offline after a sustained Distributed Denial of Service (DDoS) attack. The botnet, comprised of IoT devices, generated over 636 Gb of traffic per second. DDoS attacks following the attack on Krebs have generated over 1.2 Tb per second. To date, there is limited research to quantify the attack capabilities of IoT devices. Our research analyzes the maximum attack capability that can be generated and harnessed in a single target IoT botnet attack. This analysis will help defenders predict how DDoS attacks will affect their systems and consequently architect resilient infrastructure solutions. As the IoT landscape continues to grow, this paper provides timely research for security professionals who need to understand attack capabilities in an IoT based botnet and the risk associated with potential botnet DDoS attacks.

Schmitt, A. R., & Chasar, T., & Sivagnanam, M., & Kaleem, F. (2018, June), Capability Analysis of Internet of Things (IoT) Devices in Botnets and Implications for Cyber Security Risk Assessment Processes Paper presented at 2018 ASEE Annual Conference & Exposition , Salt Lake City, Utah. 10.18260/1-2--30173

ASEE holds the copyright on this document. It may be read by the public free of charge. Authors may archive their work on personal websites or in institutional repositories with the following citation: © 2018 American Society for Engineering Education. Other scholars may excerpt or quote from these materials with the same citation. When excerpting or quoting from Conference Proceedings, authors should, in addition to noting the ASEE copyright, list all the original authors and their institutions and name the host city of the conference. - Last updated April 1, 2015