Understanding the Mirai Botnet
![](https://b3442631.smushcdn.com/3442631/wp-content/uploads/2017/08/Capture-7-1094x500.png?lossy=1&strip=1&webp=1)
The Mirai botnet, composed primarily of embedded and IoT devices, took the Internet by storm in late 2016 when it overwhelmed several high-profile targets with massive distributed denial-of-service (DDoS) attacks. In this paper, we provide a seven-month retrospective analysis of Mirai’s growth to a peak of 600k infections and a history of its DDoS victims. By combining a variety of measurement perspectives, we analyze how the botnet emerged, what classes of devices were affected, and how Mirai variants evolved and competed for vulnerable hosts. Our measurements serve as a lens into the fragile ecosystem of IoT devices. We argue that Mirai may represent a sea change in the evolutionary development of botnets—the simplicity through which devices were infectedanditsprecipitousgrowth,demonstratethatnovice malicious techniques can compromise enough low-end devicestothreatenevensomeofthebest-defendedtargets. To address this risk, we recommend technical and nontechnicalinterventions, aswellasproposefutureresearch directions.