Paper Abstract and Keywords |
Presentation |
2017-06-08 14:25
A First Trend Review of Runtime Packers for IoT Malware Ryoichi Isawa (NICT), Ying Tie (YNU), Katsunari Yoshioka (YNU/NICT), Tao Ban, Daisuke Inoue (NICT) IA2017-4 ICSS2017-4 |
Abstract |
(in Japanese) |
(See Japanese page) |
(in English) |
Malicious software (malware) specimens that infect IoT (Internet of Things) devices rapidly increase. If those specimens are packed (compressed and/or encrypted), an analyst should require an analysis method suitable for packed IoT malware. To realize how important analysts are seriously in alarm for packed malware, we conducted a trend review of runtime packers for IoT malware. In this review, we examined 16,402 IoT malware specimens with an entropy analysis to reveal a ratio of packed malware. In addition, we checked how many packers were used for the malware. This trend review shows that 238 specimens out of 16,402 were packed and that five packers were used including UPX. We concludes that analysts currently do not have to be extremely nervous for packed IoT malware. |
Keyword |
(in Japanese) |
(See Japanese page) |
(in English) |
Internet of Things / Malware analysis / Obfuscation / Packer / ELF format / / / |
Reference Info. |
IEICE Tech. Rep., vol. 117, no. 79, ICSS2017-4, pp. 19-24, June 2017. |
Paper # |
ICSS2017-4 |
Date of Issue |
2017-06-01 (IA, ICSS) |
ISSN |
Print edition: ISSN 0913-5685 Online edition: ISSN 2432-6380 |
Copyright and reproduction |
All rights are reserved and no part of this publication may be reproduced or transmitted in any form or by any means, electronic or mechanical, including photocopy, recording, or any information storage and retrieval system, without permission in writing from the publisher. Notwithstanding, instructors are permitted to photocopy isolated articles for noncommercial classroom use without fee. (License No.: 10GA0019/12GB0052/13GB0056/17GB0034/18GB0034) |
Download PDF |
IA2017-4 ICSS2017-4 |
|