Top

Published in:

2020 | OriginalPaper | Chapter

Statically Dissecting Internet of Things Malware: Analysis, Characterization, and Detection

Authors : Afsah Anwar, Hisham Alasmary, Jeman Park, An Wang, Songqing Chen, David Mohaisen

Published in: Information and Communications Security

Publisher: Springer International Publishing

Activate our intelligent search to find suitable subject content or patents.

search-config

AI-assisted search

Off

Abstract

Software vulnerabilities in emerging systems, such as the Internet of Things (IoT), allow for multiple attack vectors that are exploited by adversaries for malicious intents. One of such vectors is malware, where limited efforts have been dedicated to IoT malware analysis, characterization, and understanding. In this paper, we analyze recent IoT malware through the lenses of static analysis. Towards this, we reverse-engineer and perform a detailed analysis of almost 2,900 IoT malware samples of eight different architectures across multiple analysis directions. We conduct string analysis, unveiling operation, unique textual characteristics, and network dependencies. Through the control flow graph analysis, we unveil unique graph-theoretic features. Through the function analysis, we address obfuscation by function approximation. We then pursue two applications based on our analysis: 1) Combining various analysis aspects, we reconstruct the infection lifecycle of various prominent malware families, and 2) using multiple classes of features obtained from our static analysis, we design a machine learning-based detection model with features that are robust and an average detection rate of 99.8%.

Dont have a licence yet? Then find out more about our products and how to get one now:

Springer Professional "Wirtschaft+Technik"

Online-Abonnement

Mit Springer Professional "Wirtschaft+Technik" erhalten Sie Zugriff auf:

über 102.000 Bücher
über 537 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Finance + Banking
Management + Führung
Marketing + Vertrieb
Maschinenbau + Werkstoffe
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

inform now

Springer Professional "Technik"

Online-Abonnement

Mit Springer Professional "Technik" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 390 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Maschinenbau + Werkstoffe

Jetzt Wissensvorsprung sichern!

inform now

Springer Professional "Wirtschaft"

Online-Abonnement

Mit Springer Professional "Wirtschaft" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 340 Zeitschriften

aus folgenden Fachgebieten:

Bauwesen + Immobilien
Business IT + Informatik
Finance + Banking
Management + Führung
Marketing + Vertrieb
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

inform now

previous chapter A Complete Cryptanalysis of the Post-Quantum Multivariate Signature Scheme Himq-3

next chapter Analysis of Industrial Device Architectures for Real-Time Operations Under Denial of Service Attacks

Available only for authorised users

Aggarwal, C., Srivastava, K.: Securing IoT devices using SDN and edge computing. In: Proceedings of the 2nd International Conference on Next Generation Computing Technologies (NGCT), pp. 877–882. Uttarakhand, October 2016

Alasmary, H., Anwar, A., Park, J., Choi, J., Nyang, D., Mohaisen, A.: Graph-based comparison of IoT and android malware. In: Chen, X., Sen, A., Li, W.W., Thai, M.T. (eds.) CSoNet 2018. LNCS, vol. 11280, pp. 259–272. Springer, Cham (2018). https://doi.org/10.1007/978-3-030-04648-4_22CrossRef

Alasmary, H., et al.: Analyzing and detecting emerging Internet of Things malware: a graph-based approach. IEEE Internet Things J. 6(5), 8977–8988 (2019)CrossRef

Angrishi, K.: Turning Internet of Things IoT into Internet of Vulnerabilities IoV : IoT botnets. Computing Research Repository (CoRR) abs/1702.03681 (2017)

Antonakakis, M., et al.: Understanding the Mirai botnet. In: 26th USENIX Security Symposium, USENIX Security, pp. 1093–1110, Vancouver, August 2017

Azmoodeh, A., Dehghantanha, A., Choo, K.K.R.: Robust malware detection for Internet of (battlefield) Things devices using deep eigenspace learning. IEEE Trans. Sustain. Comput. 4(1), 88–95 (2018)CrossRef

CBSNews: Baby monitor hacker delivers creepy message to child. https://tinyurl.com/y9g9948c. Accessed 2015

Cozzi, E., Graziano, M., Fratantonio, Y., Balzarotti, D.: Understanding Linux malware. In: IEEE Symposium on Security and Privacy (2018)

Developers: OpenWrt project. https://openwrt.org. Accessed 2018

10.

Developers: VirusTotal. https://www.virustotal.com. Accessed 2018

11.

Donno, M.D., Dragoni, N., Giaretta, A., Spognardi, A.: DDoS-capable IoT malwares: comparative analysis and Mirai investigation. Secur. Commun. Netw. 2018, 7178164:1–7178164:30 (2018)CrossRef

12.

Van der Elzen, I., van Heugten, J.: Techniques for detecting compromised IoT devices. University of Amsterdam (2017)

13.

Feng, Y., Anand, S., Dillig, I., Aiken, A.: Apposcopy: semantics-based detection of android malware through static analysis. In: Proceedings of the 22nd ACM SIGSOFT International Symposium on Foundations of Software Engineering, pp. 576–587 (2014)

14.

von Ahn’s A., Research Group: Offensive/profane word list. https://www.cs.cmu.edu/~biglou/resources/. Accessed 2018

15.

Ham, H., Kim, H., Kim, M., Choi, M.: Linear SVM-based android malware detection for reliable IoT services. J. Appl. Math. 2014, 594501:1–594501:10 (2014)CrossRef

16.

IANA: Service name and transport protocol port number registry. https://tinyurl.com/mjusju4. Accessed 2018

17.

, P.R.C. for Information Security: IoTPOT - analysing the rise of IoT compromises (2016). http://ipsr.ynu.ac.jp/iot/

18.

Ismail, N.: The Internet of Things: the security crisis of 2018? (2016). https://tinyurl.com/ybsfcsg9

19.

Kolias, C., Kambourakis, G., Stavrou, A., Voas, J.: DDoS in the IoT: Mirai and other botnets. Computer 50(7), 80–84 (2017)CrossRef

20.

MalwareMustDie: Mirai-source-code (2016). https://github.com/jgamblin/Mirai-Source-Code

21.

Milosevic, J., Malek, M., Ferrante, A.: A friend or a foe? detecting malware using memory and CPU features. In: Proceedings of the 13th International Joint Conference on e-Business and Telecommunications, pp. 73–84 (2016)

22.

NBCNews: Smart refrigerators hacked to send out spam: report. https://tinyurl.com/y9zjpybg. Accessed 2014

23.

Newman, P.: The Internet of Things 2018 report: how the IoT is evolving to reach the mainstream with businesses and consumers (2018). https://tinyurl.com/y8xugzno

24.

Pa, Y.M.P., Suzuki, S., Yoshioka, K., Matsumoto, T., Kasama, T., Rossow, C.: IoTPOT: a novel honeypot for revealing current IoT threats. J. Inf. Process. (JIP) 24, 522–533 (2016)

25.

Sebastián, M., Rivera, R., Kotzias, P., Caballero, J.: AVclass: a tool for massive malware labeling. In: Monrose, F., Dacier, M., Blanc, G., Garcia-Alfaro, J. (eds.) RAID 2016. LNCS, vol. 9854, pp. 230–253. Springer, Cham (2016). https://doi.org/10.1007/978-3-319-45719-2_11CrossRef

26.

Spring, T.: Mirai variant targets financial sector with IoT DDoS attacks. https://tinyurl.com/yaecazap. Accessed 2017

27.

Su, J., Vargas, D.V., Prasad, S., Sgandurra, D., Feng, Y., Sakurai, K.: Lightweight classification of IoT malware based on image recognition. arXiv preprint arXiv:1802.03714 (2018)

Title: Statically Dissecting Internet of Things Malware: Analysis, Characterization, and Detection
Authors: Afsah Anwar
Hisham Alasmary
Jeman Park
An Wang
Songqing Chen
David Mohaisen
Publisher: Springer International Publishing
Book: Information and Communications Security
Print ISBN: 978-3-030-61077-7

Electronic ISBN: 978-3-030-61078-4

Copyright Year: 2020
DOI: https://doi.org/10.1007/978-3-030-61078-4_25

Springer Professional

Abstract

Please log in to get access to your license.

Dont have a licence yet? Then find out more about our products and how to get one now:

Springer Professional "Wirtschaft+Technik"

Springer Professional "Technik"

Springer Professional "Wirtschaft"

Premium Partner