Poster: Analyzing endpoints in the internet of things malware

Jinchun Choi, Afsah Anwar, Hisham Alasmary, Jeffrey Spaulding, Daehun Nyang, Aziz Mohaisen

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

Abstract

The lack of security measures in the Internet of Things (IoT) devices and their persistent online connectivity give adversaries an opportunity to target them or abuse them as intermediary targets for volumetric attacks such as Distributed Denial-of-Service (DDoS) campaigns. In this paper, we analyze IoT malware with a focus on endpoints to understand the affinity between the dropzones and their target IP addresses, and to understand the different patterns among them. Towards this goal, we reverse-engineer 2,423 IoT malware samples to obtain IP addresses. We further augment additional information about the endpoints from Internet-wide scanners, including Shodan and Censys. We then perform a deep data-driven analysis of the dropzones and their target IP addresses and further examine the attack surface of the target device space.

Original language: English
Title of host publication: WiSec 2019 - Proceedings of the 2019 Conference on Security and Privacy in Wireless and Mobile Networks
Publisher: Association for Computing Machinery, Inc
Pages: 288-289
Number of pages: 2
ISBN (Electronic): 9781450367264
State: Published - 15 May 2019
Event: 12th Conference on Security and Privacy in Wireless and Mobile Networks, WiSec 2019 - Miami, United States
Duration: 15 May 2019 to 17 May 2019

Publication series

Name: WiSec 2019 - Proceedings of the 2019 Conference on Security and Privacy in Wireless and Mobile Networks

Conference

Conference: 12th Conference on Security and Privacy in Wireless and Mobile Networks, WiSec 2019
Country/Territory: United States
City: Miami
Period: 15/05/19 to 17/05/19

Bibliographical note

Funding Information:
In this paper, we analyze the ≈78.2% of total responsive public IPv4 endpoints among dropzones and their targets as extracted from IoT malware and spread across the globe from diverse perspectives. Additionally, we augment our analysis results by leveraging the use of IoT search engines like Shodan or Censys. Acknowledgment. Supported by NSF CNS-1809000, a collaborative seed grant from Cyber Florida, and NRF 2016K1A1A2912757.

Publisher Copyright:
© 2019 Copyright held by the owner/author(s).

Keywords

  • Endpoints
  • Internet of Things
  • Malware
