Honor among Thieves: Towards Understanding the Dynamics and Interdependencies in IoT Botnets

Jinchun Choi, Ahmed Abusnaina, Afsah Anwar, An Wang, Songqing Chen, Dae Hun Nyang, Aziz Mohaisen

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

5 Scopus citations

Abstract

In this paper, we analyze Internet of Things (IoT) Linux malware binaries to understand the dependencies among malware. Towards this end, we use static analysis to extract endpoints that malware communicates with, and classify such endpoints into targets and dropzones (equivalent to Command and Control). In total, we extracted 1,457 unique dropzone IP addresses that target 294 unique IP addresses and 1,018 masked target IP addresses. We highlight various characteristics of those dropzones and targets, including spatial, network, and organizational affinities. Towards the analysis of dropzones' interdependencies and dynamics, we identify dropzone chains. Overall, we identify 56 unique chains, which unveil coordination (and possible attacks) among different malware families. Further analysis of chains with higher node counts reveals centralization. We suggest a centrality-based defense and monitoring mechanism to limit the propagation and impact of malware.

Original language: English
Title of host publication: 2019 IEEE Conference on Dependable and Secure Computing, DSC 2019 - Proceedings
Publisher: Institute of Electrical and Electronics Engineers Inc.
ISBN (Electronic): 9781728123196
State: Published - Nov 2019
Event: 3rd IEEE Conference on Dependable and Secure Computing, DSC 2019 - Hangzhou, China
Duration: 18 Nov 2019 to 20 Nov 2019

Publication series

Name: 2019 IEEE Conference on Dependable and Secure Computing, DSC 2019 - Proceedings

Conference

Conference: 3rd IEEE Conference on Dependable and Secure Computing, DSC 2019
Country/Territory: China
City: Hangzhou
Period: 18/11/19 to 20/11/19

Keywords

  • Distributed Denial of Service
  • Internet of Things
  • Malware
  • Static Analysis
