@inproceedings{bbfd7577c87f457da2cfa3f1005ab7a2,
title = "Poster: Analyzing endpoints in the internet of things malware",
abstract = "The lack of security measures in the Internet of Things (IoT) devices and their persistent online connectivity give adversaries an opportunity to target them or abuse them as intermediary targets for volumetric attacks such as Distributed Denial-of-Service (DDoS) campaigns. In this paper, we analyze IoT malware with a focus on endpoints to understand the affinity between the dropzones and their target IP addresses, and to understand the different patterns among them. Towards this goal, we reverse-engineer 2,423 IoT malware samples to obtain IP addresses.We further augment additional information about the endpoints from Internet-wide scanners, including Shodan and Censys. We then perform a deep data-driven analysis of the dropzones and their target IP addresses and further examine the attack surface of the target device space.",
keywords = "Endpoints, Internet of Things, Malware",
author = "Jinchun Choi and Afsah Anwar and Hisham Alasmary and Jeffrey Spaulding and Daehun Nyang and Aziz Mohaisen",
note = "Funding Information: In this paper, we analyze the ≈78.2% of total responsive public IPv4 endpoints among dropzones and their targets as extracted from IoT malware and spread across the globe from diverse perspectives. Additionally, we augment our analysis results by leveraging the use of IoT search engines like Shodan or Censys. Acknowledgment. Supported by NSF CNS-1809000, a collaborative seed grant from Cyber Florida, and NRF 2016K1A1A2912757. Publisher Copyright: {\textcopyright} 2019 Copyright held by the owner/author(s).; null ; Conference date: 15-05-2019 Through 17-05-2019",
year = "2019",
month = may,
day = "15",
doi = "10.1145/3317549.3326295",
language = "English",
series = "WiSec 2019 - Proceedings of the 2019 Conference on Security and Privacy in Wireless and Mobile Networks",
publisher = "Association for Computing Machinery, Inc",
pages = "288--289",
booktitle = "WiSec 2019 - Proceedings of the 2019 Conference on Security and Privacy in Wireless and Mobile Networks",
}