2020
DOI: 10.1109/access.2020.3014891

V-Sandbox for Dynamic Analysis IoT Botnet

Abstract: With the increasing use of resource-constrained IoT devices, the number of IoT Botnets has exploded with many variations and ways of penetration. Nowadays, studies based on machine learning and deep learning have focused on dealing with IoT Botnet with many successes, and these studies have required relevant data during malware execution. For this, the sandbox environment and behavior collection tools play an essential role. However, the existing sandboxes do not provide adequate behavior data of IoT botnet su…

Cited by 25 publications (10 citation statements)
References 51 publications
“…Hai-Viet Le 13 proposed IoT-BDA framework to combat the smartness of the IoT botnets. The IoT-BDA architecture comprises a variety of honeypots and newly evolved sandboxes, and it is made up of blocks such as BCB and BAB.…”
Section: Related Work
mentioning
confidence: 99%
“…The results are summarised in Table 27. Padawan The static analysis is provided by most of the proposed sandboxes except for IoTBOX [9] and V-Sandbox [18]. IoT-BDA BAB provides the most detailed static analysis by identifying IoC and anti-static-analysis techniques such as packing and string encoding.…”
Section: B Botnet Samples Analysis
mentioning
confidence: 99%
“…d) Library support: The availability of the required libraries may affect the outcome of the sample execution. From the compared sandboxes, only V-Sandbox employs an agent that provides the shared object (SO) libraries to the sample [18]. The SO libraries are obtained from publicly available IoT devices firmware.…”
Section: B Botnet Samples Analysis
mentioning
confidence: 99%
“…However, the large number of IoT botnet samples collected by antivirus vendors makes it impossible for the malware analysts to examine each botnet sample [7]. Although significant efforts have been made for automating the analysis of IoT botnet samples using sandboxes [8][9][10], the analysis results still need to be interpreted by malware analysts. This challenge can be overcome by grouping together samples that exhibit similar behaviours into clusters.…”
Section: Introduction
mentioning
confidence: 99%
“…To be able to capture the behaviour of the botnets infecting a single CPU architecture, the sandbox should support the CPU architectures which are the most targeted by IoT botnets. Furthermore, a botnet sample may require software tools and libraries that are expected to be available on the vulnerable devices [10].…”
mentioning
confidence: 99%