| Presentation | 2017-06-08 A First Trend Review of Runtime Packers for IoT Malware Ryoichi Isawa, Ying Tie, Katsunari Yoshioka, Tao Ban, Daisuke Inoue, |
|---|---|
| PDF Download Page |  PDF download Page Link |
| Abstract(in Japanese) | (See Japanese page) |
| Abstract(in English) | Malicious software (malware) specimens that infect IoT (Internet of Things) devices rapidly increase. If those specimens are packed (compressed and/or encrypted), an analyst should require an analysis method suitable for packed IoT malware. To realize how important analysts are seriously in alarm for packed malware, we conducted a trend review of runtime packers for IoT malware. In this review, we examined 16,402 IoT malware specimens with an entropy analysis to reveal a ratio of packed malware. In addition, we checked how many packers were used for the malware. This trend review shows that 238 specimens out of 16,402 were packed and that five packers were used including UPX. We concludes that analysts currently do not have to be extremely nervous for packed IoT malware. |
| Keyword(in Japanese) | (See Japanese page) |
| Keyword(in English) | Internet of Things / Malware analysis / Obfuscation / Packer / ELF format |
| Paper # | IA2017-4,ICSS2017-4 |
| Date of Issue | 2017-06-01 (IA, ICSS) |
| Conference Information | |
| Committee | IA / ICSS |
|---|---|
| Conference Date | 2017/6/8(2days) |
| Place (in Japanese) | (See Japanese page) |
| Place (in English) | Kochi University of Technolo, Eikokuji Campus |
| Topics (in Japanese) | (See Japanese page) |
| Topics (in English) | Internet Security, etc. |
| Chair | Katsuyoshi Iida(Hokkaido Univ.) / Yoshiaki Shiraishi(Kobe Univ.) |
| Vice Chair | Rei Atarashi(IIJ) / Hiroyuki Osaki(Kwansei Gakuin Univ.) / Tomoki Yoshihisa(Osaka Univ.) / Takeshi Ueda(Mitsubishi Electric) / Hiroki Takakura(NII) |
| Secretary | Rei Atarashi(Tokyo Metropolitan Univ.) / Hiroyuki Osaki(TOYOTA-IT) / Tomoki Yoshihisa(Yokohama National Univ.) / Takeshi Ueda(NTT) / Hiroki Takakura |
| Assistant | Kenji Ohira(Tokushima Univ.) / Ryohei Banno(NTT) / Toshiki Watanabe(NEC) / Takahiro Kasama(NICT) / Akira Yamada(KDDI labs.) |
| Paper Information | |
| Registration To | Technical Committee on Internet Architecture / Technical Committee on Information and Communication System Security |
|---|---|
| Language | JPN |
| Title (in Japanese) | (See Japanese page) |
| Sub Title (in Japanese) | (See Japanese page) |
| Title (in English) | A First Trend Review of Runtime Packers for IoT Malware |
| Sub Title (in English) | |
| Keyword(1) | Internet of Things |
| Keyword(2) | Malware analysis |
| Keyword(3) | Obfuscation |
| Keyword(4) | Packer |
| Keyword(5) | ELF format |
| 1st Author's Name | Ryoichi Isawa |
| 1st Author's Affiliation | National Institute of Information and Communications Technology(NICT) |
| 2nd Author's Name | Ying Tie |
| 2nd Author's Affiliation | Yokohama National University(YNU) |
| 3rd Author's Name | Katsunari Yoshioka |
| 3rd Author's Affiliation | Yokohama National University/National Institute of Information and Communications Technology(YNU/NICT) |
| 4th Author's Name | Tao Ban |
| 4th Author's Affiliation | National Institute of Information and Communications Technology(NICT) |
| 5th Author's Name | Daisuke Inoue |
| 5th Author's Affiliation | National Institute of Information and Communications Technology(NICT) |
| Date | 2017-06-08 |
| Paper # | IA2017-4,ICSS2017-4 |
| Volume (vol) | vol.117 |
| Number (no) | IA-78,ICSS-79 |
| Page | pp.pp.19-24(IA), pp.19-24(ICSS), |
| #Pages | 6 |
| Date of Issue | 2017-06-01 (IA, ICSS) |