Honor among Thieves: Towards Understanding the Dynamics and Interdependencies in IoT Botnets


Bibliographic Details
Published in: 2019 IEEE Conference on Dependable and Secure Computing (DSC), pp. 1-8
Main Authors: Choi, Jinchun; Abusnaina, Ahmed; Anwar, Afsah; Wang, An; Chen, Songqing; Nyang, DaeHun; Mohaisen, Aziz
Format: Conference Proceeding
Language: English
Published: IEEE, 01.11.2019
DOI: 10.1109/DSC47296.2019.8937574

Summary: In this paper, we analyze the Internet of Things (IoT) Linux malware binaries to understand the dependencies among malware. Towards this end, we use static analysis to extract endpoints that malware communicates with, and classify such endpoints into targets and dropzones (equivalent to Command and Control). In total, we extracted 1,457 unique dropzone IP addresses that target 294 unique IP addresses and 1,018 masked target IP addresses. We highlight various characteristics of those dropzones and targets, including spatial, network, and organizational affinities. Towards the analysis of dropzones' interdependencies and dynamics, we identify dropzone chains. Overall, we identify 56 unique chains, which unveil coordination (and possible attacks) among different malware families. Further analysis of chains with higher node counts reveals centralization. We suggest a centrality-based defense and monitoring mechanism to limit the propagation and impact of malware.