Paper Abstract and Keywords |
Presentation |
2022-03-08 13:40
ML-based detection of C&C communications for sandbox analysis of IoT malware Yuki Endo, Kaichi Sameshima, Rui Tanabe, Katsunari Yoshioka, Tsutomu Matsumoto (YNU) ICSS2021-75 |
Abstract |
(in Japanese) |
(See Japanese page) |
(in English) |
Dynamic analysis is widely used to analyze the behavior of malware. Among the various communications of malware, those with C&C servers are important for understanding the trends and behavior of attackers. In this study, we propose a method to identify C&C servers from communication observed by dynamic analysis of IoT malware. Our key observation is that connecting to the C&C server is so essential for malware that it would try to connect to the servers on every execution and would keep trying if the connection is not established. We propose an ML-based method to identify the C&C server from the communication of malware observed by multiple dynamic analyses using different network environments, which highlights its tenacity toward the C&C server. In an experiment with 363 malware samples captured by an IoT honeypot, C&C servers were identified with a precision of 100% and a recall of 98.6%. |
Keyword |
(in Japanese) |
(See Japanese page) |
(in English) |
IoT / Malware / Dynamic Analysis / Machine Learning |
Reference Info. |
IEICE Tech. Rep., vol. 121, no. 410, ICSS2021-75, pp. 99-104, March 2022. |
Paper # |
ICSS2021-75 |
Date of Issue |
2022-02-28 (ICSS) |
ISSN |
Online edition: ISSN 2432-6380 |
Copyright and reproduction |
All rights are reserved and no part of this publication may be reproduced or transmitted in any form or by any means, electronic or mechanical, including photocopy, recording, or any information storage and retrieval system, without permission in writing from the publisher. Notwithstanding, instructors are permitted to photocopy isolated articles for noncommercial classroom use without fee. (License No.: 10GA0019/12GB0052/13GB0056/17GB0034/18GB0034) |
Conference Information |
Committee |
ICSS IPSJ-SPT |
Conference Date |
2022-03-07 - 2022-03-08 |
Place (in Japanese) |
(See Japanese page) |
Place (in English) |
Online |
Topics (in Japanese) |
(See Japanese page) |
Topics (in English) |
Security, Trust, etc. |
Paper Information |
Registration To |
ICSS |
Conference Code |
2022-03-ICSS-SPT |
Language |
Japanese |
Title (in Japanese) |
(See Japanese page) |
Sub Title (in Japanese) |
(See Japanese page) |
Title (in English) |
ML-based detection of C&C communications for sandbox analysis of IoT malware |
Keyword(1) |
IoT |
Keyword(2) |
Malware |
Keyword(3) |
Dynamic Analysis |
Keyword(4) |
Machine Learning |
1st Author's Name |
Yuki Endo |
1st Author's Affiliation |
Yokohama National University (YNU) |
2nd Author's Name |
Kaichi Sameshima |
2nd Author's Affiliation |
Yokohama National University (YNU) |
3rd Author's Name |
Rui Tanabe |
3rd Author's Affiliation |
Yokohama National University (YNU) |
4th Author's Name |
Katsunari Yoshioka |
4th Author's Affiliation |
Yokohama National University (YNU) |
5th Author's Name |
Tsutomu Matsumoto |
5th Author's Affiliation |
Yokohama National University (YNU) |
Speaker |
Author-1 |
Date Time |
2022-03-08 13:40:00 |
Presentation Time |
20 minutes |
Registration for |
ICSS |
Paper # |
ICSS2021-75 |
Volume (vol) |
vol.121 |
Number (no) |
no.410 |
Page |
pp.99-104 |
#Pages |
6 |
Date of Issue |
2022-02-28 (ICSS) |
|