The Tangled Genealogy of IoT Malware

Cozzi, Emanuele; Vervier, Pierre-Antoine; Dell’Amico, Matteo; Shen, Yun; Bilge, Leyla; Balzarotti, Davide

doi:10.1145/3427228.3427256

Cited by 57 publications

(35 citation statements)

References 23 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Extensible, supports analysis of very large firmware images, ability to decompile object code back to source code hexdump -Utility for inspecting files via hex, decimal, octal and ASCII views. Allows data recovery and reverse engineering hexedit -Helps to view/edit files in hex or ASCII IDAPro [28], [18], [34], [35], [36], [30] Prominently used interactive disassembler and debugger tool magic -file command's magic pattern file nucleus [28] A structural control flow graph analysis based compiler agnostic function detection tool for binaries proposed by Andriesse et al [37]. obj(ect)dump [38], [39], [40] Information dump about object files including intended target instruction set architecture (ISA) and structural information.…”

Section: Elfdump -mentioning

confidence: 99%

“…As shown in Figure 4, symbol, debugging, and relocation information could be stripped from an ELF binary to make them lightweight. However, studies have shown that IoT malwares are mostly statically linked [35] and not stripped to reduce the dependency on the diverse IoT execution environments and avoid runtime failures. It also makes them hard to analyze under static analysis.…”

Section: E Malware Threat Hunting Approachesmentioning

confidence: 99%

“…Malware family classification is anticipated to become more tedious, based on the studies [35], [95], that showcased the code reuse among IoT malware families to be having a rising trend.…”

Section: Forecastsmentioning

confidence: 99%

“…There are notable Linux malware studies such as Cozzi et al [28], [35]. In [28], they presented the first generic Linuxspecific malware analysis pipeline, the first comprehensive Linux-based malware study covering low-level strategies employed by malware in the wild.…”

Section: Related Workmentioning

confidence: 99%

“…In [28], they presented the first generic Linuxspecific malware analysis pipeline, the first comprehensive Linux-based malware study covering low-level strategies employed by malware in the wild. And in [35], they showcased code reuse-based reconstruction of genealogy of IoT malware to aid in tracking their evolution over the years. Such lineage graphs are useful for learning the intra-family relationships among variants and aids in better family classification.…”

Section: Related Workmentioning

confidence: 99%

See 4 more Smart Citations

A Survey on Cross-Architectural IoT Malware Threat Hunting

et al. 2021

View full text Add to dashboard Cite

In recent years, the increase in non-Windows malware threats had turned the focus of the cybersecurity community. Research works on hunting Windows PE-based malwares are maturing, whereas the developments on Linux malware threat hunting are relatively scarce. With the advent of the Internet of Things (IoT) era, smart devices that are getting integrated into human life have become a hackers' highway for their malicious activities. The IoT devices employ various Unix-based architectures that follow ELF (Executable and Linkable Format) as their standard binary file specification. This study aims at providing a comprehensive survey on the latest developments in cross-architectural IoT malware detection and classification approaches. Aided by a modern taxonomy, we discuss the feature representations, feature extraction techniques, and machine learning models employed in the surveyed works. We further provide more insights on the practical challenges involved in cross-architectural IoT malware threat hunting and discuss various avenues to instill potential future research.

show abstract

Section: Elfdump -mentioning

confidence: 99%

Section: E Malware Threat Hunting Approachesmentioning

confidence: 99%

“…Malware family classification is anticipated to become more tedious, based on the studies [35], [95], that showcased the code reuse among IoT malware families to be having a rising trend.…”

Section: Forecastsmentioning

confidence: 99%

Section: Related Workmentioning

confidence: 99%

Section: Related Workmentioning

confidence: 99%

See 3 more Smart Citations

A Survey on Cross-Architectural IoT Malware Threat Hunting

et al. 2021

View full text Add to dashboard Cite

show abstract

T-RAID: TEE-based Remote Attestation for IoT Devices

Nagy

Bak

Papp

et al. 2022

Communications in Computer and Information Science

View full text Add to dashboard Cite

The Internet of Things (IoT) consists of network-connected embedded devices that enable a multitude of new applications, but also create new risks. In particular, embedded IoT devices can be infected by malware. Operators of IoT systems not only need malware detection tools, but also scalable methods to reliably and remotely verify malware freedom of their IoT devices. In this paper, we address this problem by proposing T-RAID, a remote attestation scheme for IoT devices that takes advantage of the security guarantees provided by a Trusted Execution Environment running on each device.

show abstract