Abstract
As the IoT has grown rapidly, the security of IoT devices has come under serious pressure, and new variants of IoT malware appear continually. What is missing is an IoT malware analysis architecture that extracts and detects malware behaviour. This paper addresses that gap and proposes an IoT malware behaviour analysis and detection architecture that integrates static analysis, dynamic behaviour analysis and network traffic analysis to understand and evaluate an IoT malware sample's behaviour and its spread range. Experiments on Mirai and several of its variants show that the architecture is comprehensive and effective for IoT malware behaviour analysis as well as spread-range monitoring.
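The abstract combines a static stage, a dynamic stage and a network-traffic stage into one pipeline. The following added example (not the authors' code) sketches the two stages that can be demonstrated offline: a static triage of an ELF sample (target architecture, endianness and embedded shell fragments, which decide which emulator the dynamic stage needs) and a network check for Mirai-style scanning traffic. The network check relies on one well-known property of Mirai's scanner: its raw SYN packets carry the destination IPv4 address as the TCP sequence number and target the telnet ports 23 and 2323. The ELF header and the packets are constructed inline; the `busybox` string heuristic and the port set are the example's own assumptions, not the paper's.

```python
"""Added example: static + network triage in the spirit of the integrated
architecture from the abstract. Not the authors' code; all samples are
constructed inline."""
import struct

# e_machine values from the ELF specification; IoT malware is usually
# cross-compiled for several of these from a single source tree.
ELF_MACHINES = {
    0x03: "x86", 0x08: "MIPS", 0x14: "PowerPC", 0x28: "ARM",
    0x2A: "SuperH", 0x3E: "x86-64", 0xB7: "AArch64",
}
TELNET_PORTS = {23, 2323}   # assumption: ports Mirai's scanner brute-forces


def elf_static_profile(data: bytes) -> dict:
    """Static stage: read the ELF identification and header fields that tell
    an analyst which emulator or sandbox the sample must be run in."""
    if data[:4] != b"\x7fELF":
        raise ValueError("not an ELF image")
    ei_class, ei_data = data[4], data[5]
    endian = "<" if ei_data == 1 else ">"
    e_type, e_machine = struct.unpack_from(endian + "HH", data, 16)
    return {
        "bits": 32 if ei_class == 1 else 64,
        "endianness": "little" if ei_data == 1 else "big",
        "arch": ELF_MACHINES.get(e_machine, f"unknown(0x{e_machine:x})"),
        "type": {2: "EXEC", 3: "DYN"}.get(e_type, f"other({e_type})"),
    }


def printable_strings(data: bytes, min_len: int = 4) -> list:
    """Extract printable ASCII runs; Mirai-family loaders embed shell
    fragments such as '/bin/busybox' that are cheap static indicators."""
    out, run = [], bytearray()
    for b in data:
        if 0x20 <= b < 0x7F:
            run.append(b)
        else:
            if len(run) >= min_len:
                out.append(run.decode())
            run = bytearray()
    if len(run) >= min_len:
        out.append(run.decode())
    return out


def is_mirai_style_syn(pkt: bytes) -> bool:
    """Network stage: a SYN (no ACK) to a telnet port whose TCP sequence
    number equals the destination IPv4 address, as Mirai's scanner emits."""
    if len(pkt) < 20 or pkt[0] >> 4 != 4:
        return False
    ihl = (pkt[0] & 0x0F) * 4
    if pkt[9] != 6 or len(pkt) < ihl + 20:        # IP protocol 6 = TCP
        return False
    daddr = struct.unpack_from("!I", pkt, 16)[0]
    _sport, dport, seq, _ack, off_flags = struct.unpack_from("!HHIIH", pkt, ihl)
    flags = off_flags & 0x1FF                      # low 9 bits hold the TCP flags
    return flags == 0x02 and dport in TELNET_PORTS and seq == daddr


def spread_estimate(packets) -> dict:
    """Count scanner SYNs and the distinct hosts they reach: a crude
    spread-range measure for a monitored network segment."""
    hits = [p for p in packets if is_mirai_style_syn(p)]
    targets = {struct.unpack_from("!I", p, 16)[0] for p in hits}
    return {"scanner_syns": len(hits), "distinct_targets": len(targets)}


def triage(sample: bytes, packets) -> dict:
    """Merge the static and network stages into one report."""
    report = elf_static_profile(sample)
    report["busybox_loader"] = any("busybox" in s for s in printable_strings(sample))
    report.update(spread_estimate(packets))
    return report


def build_elf32_header(machine: int, big_endian: bool) -> bytes:
    """Constructed sample: a bare 52-byte ELF32 header with no code."""
    ident = b"\x7fELF" + bytes([1, 2 if big_endian else 1, 1]) + bytes(9)
    fmt = (">" if big_endian else "<") + "HHIIIIIHHHHHH"
    return ident + struct.pack(fmt, 2, machine, 1, 0x400000, 52, 0, 0, 52, 32, 1, 40, 0, 0)


def build_syn(saddr: int, daddr: int, dport: int, seq: int) -> bytes:
    """Constructed sample: IPv4 + TCP headers of a SYN (checksums left zero)."""
    ip = struct.pack("!BBHHHBBHII", 0x45, 0, 40, 0, 0, 64, 6, 0, saddr, daddr)
    tcp = struct.pack("!HHIIHHHH", 40000, dport, seq, 0, (5 << 12) | 0x02, 5840, 0, 0)
    return ip + tcp


if __name__ == "__main__":
    sample = build_elf32_header(0x08, big_endian=True) + b"\x00/bin/busybox\x00"
    victim = 0x0A000005                                       # 10.0.0.5
    capture = [
        build_syn(0x0A000001, victim, 23, victim),            # Mirai-style scan
        build_syn(0x0A000001, 0x0A000006, 2323, 0x0A000006),  # second target
        build_syn(0x0A000002, victim, 23, 0x12345678),        # ordinary SYN
    ]
    print(triage(sample, capture))
```

The dynamic stage is deliberately absent: running a MIPS or ARM sample requires an emulator such as QEMU, which the static profile above selects, and the syscall or file-system trace it produces would feed the same report.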
© 2019 ICST Institute for Computer Sciences, Social Informatics and Telecommunications Engineering
About this paper
Cite this paper
Liu, Z. et al. (2019). An Integrated Architecture for IoT Malware Analysis and Detection. In: Li, B., Yang, M., Yuan, H., Yan, Z. (eds) IoT as a Service. IoTaaS 2018. Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering, vol 271. Springer, Cham. https://doi.org/10.1007/978-3-030-14657-3_14
DOI: https://doi.org/10.1007/978-3-030-14657-3_14
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-14656-6
Online ISBN: 978-3-030-14657-3
eBook Packages: Computer Science (R0)