1 Introduction
Internet of Things (IoT) devices have become the new cybercrime intermediaries between attackers and users to process cyberat-tacks. For example, in October 2016, a massive distributed denial-of-service (DDoS) attack incapacitated the Domain Name System provider Dyn. This made several Internet platforms and services, such as Amazon, Netflix, PayPal, and Twitter, temporarily unreach-able to numerous users in Europe and North America. This IoT botnet attack was called Mirai and exceeded 600 Gbps in volume at its peak. This overwhelming amount of the traffic was sourced from 65,000 injected IoT devices, including routers, security cam-eras, and digital video recorders [6]. These IoT devices were known at the time to have weak security protection and to be vulnerable to attacks. As reported by Symantec [47], thousands of outdated routers were targeted by the worms exploiting their vulnerabil-ity. Since then, many variants of Mirai have emerged to target the weaknesses of IoT devices. Besides serving as the intermediaries of DDoS attacks, IoT devices were also found to serve as attack proxies for multiple cybercrimes, such as clickjacking and spearphishing [41] [40].