IoT Malware Static and Dynamic Analysis System
AUTHORS
Sungwon Lee,Dept. Of Computer Engineering, Yeungnam Univ., 280 Daehak-Ro, Gyeongsan, Gyeongbuk, Republic of Korea
HyeonKyu Jeon,Korea Appraisal Board, 291, Innovalley-ro, Dong-gu, Daegu, Republic of Korea
GiHyun Park,Korea Institute of Arboretum Management, 10, Jeongbu 2cheongsa-ro, Sejong-si, Republic of Korea
JiHun Kim,Daegu Gyeongbuk Institute of Science and Technology, 333, Techno jungang-daero, Hyeonpung-eup, Dalseong-gun, Daegu, Republic of Korea
Jonghee M. Youn,Dept. Of Computer Engineering, Yeungnam Univ., 280 Daehak-Ro, Gyeongsan, Gyeongbuk, Republic of Korea
ABSTRACT
As the spread of IoT systems increases, security of IoT systems has become very important for individuals and companies. IoT malware has been increasing exponentially since the emergence of Mirai in 2016. Since the IoT system environment is diverse, IoT malware also has various environments. In the case of the existing analysis system, there is no environment for dynamic analysis by running IoT malware of various architectures. It is inefficient in time and cost to construct an environment one by one to analyze numerous malicious codes and proceed with analysis. There are so many IoT malware to be analyzed that an efficient method of analysis is required. The goal of this paper is to improve the problems and limitations of the existing analysis system and provide a variety of analysis environments. In this paper, we build a system that automatically analyzes basic IoT malware. It provides an analysis environment by constructing a static analysis and dynamic analysis system suitable for various IoT malware. In the text, the analysis system is applied to the actual collected malicious code to check whether it is analyzed and to derive statistics. It describes the advantages of the designed system and the improvement of existing limitations through comparison with the most commonly used automation analysis tools.
KEYWORDS
Automated analysis, IoT malware classification, IoT malware analysis
REFERENCES
[1] M. Antonakakis, T. April, M. Bailey, M. Bernhard, E. Bursztein, J. Cochran, and D. Kumar, “Understanding the mirai botnet,” security symposium, USENIX, pp.1093-1110, (2017)
[2] M. Kuzin, Y. Shmelev, and V. Kuskov, “New trends in the world of IoT threats,” Kaspersky, Sep (2018)
[3] E. Bertino, and N. Islam, “Botnets and internet of things security,” Computer, pp.76-79, (2017)
[4] C. Kolias, G. Kambourakis, A. Stavrou, and J. Voas, “Ddos in the iot: mirai and other botnets,” Computer, vol.50, pp.80-84, (2017)
[5] Q.D. Ngo, H.T. Nguyen, L.C. Nguyen, and D.H. Nguyen, “A survey of IoT malware and detection methods based on static features,” ICT Express, (2020)
[6] A. Costin, and J. Zaddach, “Iot malware: Comprehensive survey, analysis framework and case studies,” BlackHat USA Security Conference, (2018)
[7] K. Monnappa, “Automating Linux malware analysis using limon sandbox,” Black Hat Europe, (2015)
[8] Cozzi, and Emanuele, et al. “Understanding Linux malware,” 2018 IEEE Symposium on Security and Privacy (SP), IEEE, (2018)