Poster: Analyzing endpoints in the internet of things malware

Jinchun Choi; Afsah Anwar; Hisham Alasmary; Jeffrey Spaulding; Daehun Nyang; Aziz Mohaisen

doi:10.1145/3317549.3326295

Poster: Analyzing endpoints in the internet of things malware

Jinchun Choi, Afsah Anwar, Hisham Alasmary, Jeffrey Spaulding, Daehun Nyang, Aziz Mohaisen

Cyber Security

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

Abstract

The lack of security measures in the Internet of Things (IoT) devices and their persistent online connectivity give adversaries an opportunity to target them or abuse them as intermediary targets for volumetric attacks such as Distributed Denial-of-Service (DDoS) campaigns. In this paper, we analyze IoT malware with a focus on endpoints to understand the affinity between the dropzones and their target IP addresses, and to understand the different patterns among them. Towards this goal, we reverse-engineer 2,423 IoT malware samples to obtain IP addresses.We further augment additional information about the endpoints from Internet-wide scanners, including Shodan and Censys. We then perform a deep data-driven analysis of the dropzones and their target IP addresses and further examine the attack surface of the target device space.

Original language	English
Title of host publication	WiSec 2019 - Proceedings of the 2019 Conference on Security and Privacy in Wireless and Mobile Networks
Publisher	Association for Computing Machinery, Inc
Pages	288-289
Number of pages	2
ISBN (Electronic)	9781450367264
DOIs	https://doi.org/10.1145/3317549.3326295
State	Published - 15 May 2019
Event	12th Conference on Security and Privacy in Wireless and Mobile Networks, WiSec 2019 - Miami, United States Duration: 15 May 2019 → 17 May 2019

Publication series

Name	WiSec 2019 - Proceedings of the 2019 Conference on Security and Privacy in Wireless and Mobile Networks

Conference

Conference	12th Conference on Security and Privacy in Wireless and Mobile Networks, WiSec 2019
Country/Territory	United States
City	Miami
Period	15/05/19 → 17/05/19

Keywords

Endpoints
Internet of Things
Malware

Access to Document

10.1145/3317549.3326295

Cite this

Choi, J., Anwar, A., Alasmary, H., Spaulding, J., Nyang, D., & Mohaisen, A. (2019). Poster: Analyzing endpoints in the internet of things malware. In WiSec 2019 - Proceedings of the 2019 Conference on Security and Privacy in Wireless and Mobile Networks (pp. 288-289). (WiSec 2019 - Proceedings of the 2019 Conference on Security and Privacy in Wireless and Mobile Networks). Association for Computing Machinery, Inc. https://doi.org/10.1145/3317549.3326295

Choi, Jinchun ; Anwar, Afsah ; Alasmary, Hisham et al. / Poster : Analyzing endpoints in the internet of things malware. WiSec 2019 - Proceedings of the 2019 Conference on Security and Privacy in Wireless and Mobile Networks. Association for Computing Machinery, Inc, 2019. pp. 288-289 (WiSec 2019 - Proceedings of the 2019 Conference on Security and Privacy in Wireless and Mobile Networks).

@inproceedings{bbfd7577c87f457da2cfa3f1005ab7a2,

title = "Poster: Analyzing endpoints in the internet of things malware",

abstract = "The lack of security measures in the Internet of Things (IoT) devices and their persistent online connectivity give adversaries an opportunity to target them or abuse them as intermediary targets for volumetric attacks such as Distributed Denial-of-Service (DDoS) campaigns. In this paper, we analyze IoT malware with a focus on endpoints to understand the affinity between the dropzones and their target IP addresses, and to understand the different patterns among them. Towards this goal, we reverse-engineer 2,423 IoT malware samples to obtain IP addresses.We further augment additional information about the endpoints from Internet-wide scanners, including Shodan and Censys. We then perform a deep data-driven analysis of the dropzones and their target IP addresses and further examine the attack surface of the target device space.",

keywords = "Endpoints, Internet of Things, Malware",

author = "Jinchun Choi and Afsah Anwar and Hisham Alasmary and Jeffrey Spaulding and Daehun Nyang and Aziz Mohaisen",

note = "Funding Information: In this paper, we analyze the ≈78.2% of total responsive public IPv4 endpoints among dropzones and their targets as extracted from IoT malware and spread across the globe from diverse perspectives. Additionally, we augment our analysis results by leveraging the use of IoT search engines like Shodan or Censys. Acknowledgment. Supported by NSF CNS-1809000, a collaborative seed grant from Cyber Florida, and NRF 2016K1A1A2912757. Publisher Copyright: {\textcopyright} 2019 Copyright held by the owner/author(s).; null ; Conference date: 15-05-2019 Through 17-05-2019",

year = "2019",

month = may,

day = "15",

doi = "10.1145/3317549.3326295",

language = "English",

series = "WiSec 2019 - Proceedings of the 2019 Conference on Security and Privacy in Wireless and Mobile Networks",

publisher = "Association for Computing Machinery, Inc",

pages = "288--289",

booktitle = "WiSec 2019 - Proceedings of the 2019 Conference on Security and Privacy in Wireless and Mobile Networks",

}

Choi, J, Anwar, A, Alasmary, H, Spaulding, J, Nyang, D & Mohaisen, A 2019, Poster: Analyzing endpoints in the internet of things malware. in WiSec 2019 - Proceedings of the 2019 Conference on Security and Privacy in Wireless and Mobile Networks. WiSec 2019 - Proceedings of the 2019 Conference on Security and Privacy in Wireless and Mobile Networks, Association for Computing Machinery, Inc, pp. 288-289, 12th Conference on Security and Privacy in Wireless and Mobile Networks, WiSec 2019, Miami, United States, 15/05/19. https://doi.org/10.1145/3317549.3326295

Poster : Analyzing endpoints in the internet of things malware. / Choi, Jinchun; Anwar, Afsah; Alasmary, Hisham et al.

WiSec 2019 - Proceedings of the 2019 Conference on Security and Privacy in Wireless and Mobile Networks. Association for Computing Machinery, Inc, 2019. p. 288-289 (WiSec 2019 - Proceedings of the 2019 Conference on Security and Privacy in Wireless and Mobile Networks).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

TY - GEN

T1 - Poster

AU - Choi, Jinchun

AU - Anwar, Afsah

AU - Alasmary, Hisham

AU - Spaulding, Jeffrey

AU - Nyang, Daehun

AU - Mohaisen, Aziz

N1 - Funding Information: In this paper, we analyze the ≈78.2% of total responsive public IPv4 endpoints among dropzones and their targets as extracted from IoT malware and spread across the globe from diverse perspectives. Additionally, we augment our analysis results by leveraging the use of IoT search engines like Shodan or Censys. Acknowledgment. Supported by NSF CNS-1809000, a collaborative seed grant from Cyber Florida, and NRF 2016K1A1A2912757. Publisher Copyright: © 2019 Copyright held by the owner/author(s).

PY - 2019/5/15

Y1 - 2019/5/15

N2 - The lack of security measures in the Internet of Things (IoT) devices and their persistent online connectivity give adversaries an opportunity to target them or abuse them as intermediary targets for volumetric attacks such as Distributed Denial-of-Service (DDoS) campaigns. In this paper, we analyze IoT malware with a focus on endpoints to understand the affinity between the dropzones and their target IP addresses, and to understand the different patterns among them. Towards this goal, we reverse-engineer 2,423 IoT malware samples to obtain IP addresses.We further augment additional information about the endpoints from Internet-wide scanners, including Shodan and Censys. We then perform a deep data-driven analysis of the dropzones and their target IP addresses and further examine the attack surface of the target device space.

AB - The lack of security measures in the Internet of Things (IoT) devices and their persistent online connectivity give adversaries an opportunity to target them or abuse them as intermediary targets for volumetric attacks such as Distributed Denial-of-Service (DDoS) campaigns. In this paper, we analyze IoT malware with a focus on endpoints to understand the affinity between the dropzones and their target IP addresses, and to understand the different patterns among them. Towards this goal, we reverse-engineer 2,423 IoT malware samples to obtain IP addresses.We further augment additional information about the endpoints from Internet-wide scanners, including Shodan and Censys. We then perform a deep data-driven analysis of the dropzones and their target IP addresses and further examine the attack surface of the target device space.

KW - Endpoints

KW - Internet of Things

KW - Malware

UR - http://www.scopus.com/inward/record.url?scp=85066760221&partnerID=8YFLogxK

U2 - 10.1145/3317549.3326295

DO - 10.1145/3317549.3326295

M3 - Conference contribution

AN - SCOPUS:85066760221

T3 - WiSec 2019 - Proceedings of the 2019 Conference on Security and Privacy in Wireless and Mobile Networks

SP - 288

EP - 289

BT - WiSec 2019 - Proceedings of the 2019 Conference on Security and Privacy in Wireless and Mobile Networks

PB - Association for Computing Machinery, Inc

Y2 - 15 May 2019 through 17 May 2019

ER -

Choi J, Anwar A, Alasmary H, Spaulding J, Nyang D, Mohaisen A. Poster: Analyzing endpoints in the internet of things malware. In WiSec 2019 - Proceedings of the 2019 Conference on Security and Privacy in Wireless and Mobile Networks. Association for Computing Machinery, Inc. 2019. p. 288-289. (WiSec 2019 - Proceedings of the 2019 Conference on Security and Privacy in Wireless and Mobile Networks). doi: 10.1145/3317549.3326295

Poster: Analyzing endpoints in the internet of things malware

Abstract

Publication series

Conference

Keywords

Access to Document

Fingerprint

Cite this