| Presentation | 2021-03-01 Analyzing the Transition of Vulnerabilities Targeted by IoT Malware Kaichi Sameshima, Takayuki Sasaki, Rui Tanabe, Katsunari Yoshioka, Koji Nakao, Tsutomu Matsumoto, |
|---|---|
| PDF Download Page |  PDF download Page Link |
| Abstract(in Japanese) | (See Japanese page) |
| Abstract(in English) | While the popularity of IoT devices are rapidly growing, vulnerable IoT devices have been the target of cyber-attacks. In this research, we dynamically analyzed 5,855 samples of IoT malware collected over the past two years by IoT honeypots and investigate the attack functions using vulnerabilities incorporated in these malwares. As a result of the experiment, we confirmed that the malware samples collected in 2018 attacked at least 8 types of known vulnerabilities in 12 ports, while at least 31 types of known vulnerabilities targeting 44 ports were observed from the malware samples collected in 2020. The targeted vulnerabilities were ranging from those published 11 years before to those published 1 months ago from the sample collection that, the variety and the functions targeting old and new vulnerabilities have been incorporated into IoT malware. In addition, targeted vulnerabilities include not only those in IoT device but also those in general Web service, and that IoT malware are used in attacks targeting Web services. |
| Keyword(in Japanese) | (See Japanese page) |
| Keyword(in English) | IoT / Malware / Dynamic Analysis |
| Paper # | ICSS2020-40 |
| Date of Issue | 2021-02-22 (ICSS) |
| Conference Information | |
| Committee | ICSS / IPSJ-SPT |
|---|---|
| Conference Date | 2021/3/1(2days) |
| Place (in Japanese) | (See Japanese page) |
| Place (in English) | Online |
| Topics (in Japanese) | (See Japanese page) |
| Topics (in English) | Security, Trust, etc. |
| Chair | Hiroki Takakura(NII) |
| Vice Chair | Katsunari Yoshioka(Yokohama National Univ.) / Kazunori Kamiya(NTT) |
| Secretary | Katsunari Yoshioka(NICT) / Kazunori Kamiya(KDDI labs.) |
| Assistant | Keisuke Kito(Mitsubishi Electric) / Toshihiro Yamauchi(Okayama Univ.) |
| Paper Information | |
| Registration To | Technical Committee on Information and Communication System Security / Special Interest Group on Security Psychology and Trust |
|---|---|
| Language | JPN |
| Title (in Japanese) | (See Japanese page) |
| Sub Title (in Japanese) | (See Japanese page) |
| Title (in English) | Analyzing the Transition of Vulnerabilities Targeted by IoT Malware |
| Sub Title (in English) | |
| Keyword(1) | IoT |
| Keyword(2) | Malware |
| Keyword(3) | Dynamic Analysis |
| 1st Author's Name | Kaichi Sameshima |
| 1st Author's Affiliation | Yokohama National University(YNU) |
| 2nd Author's Name | Takayuki Sasaki |
| 2nd Author's Affiliation | Yokohama National University(YNU) |
| 3rd Author's Name | Rui Tanabe |
| 3rd Author's Affiliation | Yokohama National University(YNU) |
| 4th Author's Name | Katsunari Yoshioka |
| 4th Author's Affiliation | Yokohama National University(YNU) |
| 5th Author's Name | Koji Nakao |
| 5th Author's Affiliation | Yokohama National University(YNU) |
| 6th Author's Name | Tsutomu Matsumoto |
| 6th Author's Affiliation | Yokohama National University(YNU) |
| Date | 2021-03-01 |
| Paper # | ICSS2020-40 |
| Volume (vol) | vol.120 |
| Number (no) | ICSS-384 |
| Page | pp.pp.84-89(ICSS), |
| #Pages | 6 |
| Date of Issue | 2021-02-22 (ICSS) |