
Original scientific paper

https://doi.org/10.17559/TV-20210202131602

Design of Automation Environment for Analyzing Various IoT Malware

Sungwon Lee ; Dept. of Computer Engineering, Yeungnam University, 280 Daehak-Ro, Gyeongsan, Gyeongbuk, Republic of Korea
Hyeonkyu Jeon ; Dept. of Computer Engineering, Yeungnam University, 280 Daehak-Ro, Gyeongsan, Gyeongbuk, Republic of Korea
Gihyun Park ; Dept. of Computer Engineering, Yeungnam University, 280 Daehak-Ro, Gyeongsan, Gyeongbuk, Republic of Korea
Jonghee Youn* ; Dept. of Computer Engineering, Yeungnam University, 280 Daehak-Ro, Gyeongsan, Gyeongbuk, Republic of Korea



page 827-835



Abstract

With the increasing proliferation of IoT systems, their security has become very important to individuals and businesses. IoT malware has been increasing exponentially since the emergence of Mirai in 2016. Because IoT system environments are diverse, IoT malware also exists for various environments. Existing analysis systems provide no environment for dynamic analysis that runs IoT malware of various architectures, and it is inefficient in terms of time and cost to build an environment that analyzes malware samples one by one. The purpose of this paper is to address the problems and limitations of existing analysis systems and to provide an environment for analyzing a large amount of IoT malware. Using QEMU, a virtualization software, together with existing open source analysis tools suitable for various IoT malicious codes, the environment in which the actual malicious code will run is built, and the libraries or system calls that are actually called are analyzed statically and dynamically. In the paper, the analysis system is applied to actual collected malicious code to check whether it is analyzed and to derive statistics. Information on the architecture of the malicious code, the attack method, the commands used, and the access path can be checked, and this information can be used as a basis for malicious code detection or classification research. The advantages of the designed system over the most commonly used automated analysis tools, and its improvements on existing limitations, are described.

Keywords

automated analysis; IoT malware; IoT malware classification; massive malware

Hrčak ID:

258208

URI

https://hrcak.srce.hr/258208

Publication date:

6.6.2021.
