Creating a Large-scale Memory Error IoT Botnet Using NS3DockerEmulator

DDoSim, a simulation testbed for mimicking real-world, large-scale botnet DDoS attacks, is presented. DDoSim offers various capabilities, including running user-specified software, testing botnet-recruitment exploits, and measuring the severity of resulting DDoS attacks. DDoSim leverages NS3DockerEmulator's Docker and NS-3 integration to load Docker containers with actual binaries and connect them over a simulated NS-3 network. DDoSim is validated through a comparison with results from real hardware experiments. This paper focuses on the results of an experiment series concerning deploying a memory error botnet on IoT devices. Unlike the Mirai attack, which relies on default credentials, these experiments exploit memory error vulnerabilities to access IoT devices. DDoSim also implements realistic IoT churn, reflecting dynamic network conditions in real-world IoT environments. The results reveal that memory error vulnerabilities enable botnet recruitment, while network conditions, attack size, and duration all have a proportional impact on target servers. DDoSim is publicly available for researchers' use.