Internet-Wide Analysis, Characterization, and Family Attribution of IoT Malware: A Comprehensive Longitudinal Study

Document Type

Article

Publication Date

1-1-2024

Abstract

This study presents a large-scale empirical analysis of real-life Internet-of-Things (IoT) malware, based on a comprehensive examination of 160,000 malicious executables detected by specialized IoT honeypots over five years. Our findings improve the understanding of IoT malware characteristics and inter-relationships, which in turn helps strengthen cybersecurity measures for IoT threat detection and mitigation. To achieve these goals, we leverage various malware analysis techniques to extract useful information from the executable files. Our analysis demonstrates that, in contrast to non-IoT malware, unsolicited IP addresses and command strings could be extracted from the majority of the analyzed IoT malware binaries using off-the-shelf de-obfuscation techniques and tools. Additionally, by correlating the extracted information and performing subsequent similarity analysis using NLP-based features, we reveal closely related samples with shared implementation across the adversarial infrastructure, which contributes to labeling previously unseen or unknown IoT malware samples while uncovering emerging, possibly new, variants. Finally, given these findings, we discuss the applications of a real-time IoT honeypot, which captures live commands from malware-infected IoT devices and enables timely and effective IoT-malware detection, analysis, labeling, and mitigation.

Publication Source (Journal or Book title)

IEEE Transactions on Dependable and Secure Computing
