WEKO3
-
RootNode
アイテム
Disposable Botnets: Long-term Analysis of IoT Botnet Infrastructure
https://ipsj.ixsq.nii.ac.jp/records/220190
https://ipsj.ixsq.nii.ac.jp/records/2201901c7ef4a1-7b98-4f51-90e4-d0c94217f155
| 名前 / ファイル | ライセンス | アクション |
|---|---|---|
IPSJ-JNL6309006.pdf (5.6 MB)
|
Copyright (c) 2022 by the Information Processing Society of Japan
|
|
| オープンアクセス | ||
| Item type | Journal(1) | |||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 公開日 | 2022-09-15 | |||||||||||||||||||||
| タイトル | ||||||||||||||||||||||
| タイトル | Disposable Botnets: Long-term Analysis of IoT Botnet Infrastructure | |||||||||||||||||||||
| タイトル | ||||||||||||||||||||||
| 言語 | en | |||||||||||||||||||||
| タイトル | Disposable Botnets: Long-term Analysis of IoT Botnet Infrastructure | |||||||||||||||||||||
| 言語 | ||||||||||||||||||||||
| 言語 | eng | |||||||||||||||||||||
| キーワード | ||||||||||||||||||||||
| 主題Scheme | Other | |||||||||||||||||||||
| 主題 | [特集:量子時代をみすえたコンピュータセキュリティ技術] Internet-of-Things, IoT malware binary, C&C server, IoT honeypot | |||||||||||||||||||||
| 資源タイプ | ||||||||||||||||||||||
| 資源タイプ識別子 | http://purl.org/coar/resource_type/c_6501 | |||||||||||||||||||||
| 資源タイプ | journal article | |||||||||||||||||||||
| 著者所属 | ||||||||||||||||||||||
| Yokohama National University | ||||||||||||||||||||||
| 著者所属 | ||||||||||||||||||||||
| Yokohama National University/FUJISOFT Incorporated | ||||||||||||||||||||||
| 著者所属 | ||||||||||||||||||||||
| National Institute of Information and Communications Technology | ||||||||||||||||||||||
| 著者所属 | ||||||||||||||||||||||
| National Institute of Information and Communications Technology | ||||||||||||||||||||||
| 著者所属 | ||||||||||||||||||||||
| Delft University of Technology | ||||||||||||||||||||||
| 著者所属 | ||||||||||||||||||||||
| Delft University of Technology | ||||||||||||||||||||||
| 著者所属 | ||||||||||||||||||||||
| Yokohama National University | ||||||||||||||||||||||
| 著者所属 | ||||||||||||||||||||||
| Yokohama National University | ||||||||||||||||||||||
| 著者所属(英) | ||||||||||||||||||||||
| en | ||||||||||||||||||||||
| Yokohama National University | ||||||||||||||||||||||
| 著者所属(英) | ||||||||||||||||||||||
| en | ||||||||||||||||||||||
| Yokohama National University / FUJISOFT Incorporated | ||||||||||||||||||||||
| 著者所属(英) | ||||||||||||||||||||||
| en | ||||||||||||||||||||||
| National Institute of Information and Communications Technology | ||||||||||||||||||||||
| 著者所属(英) | ||||||||||||||||||||||
| en | ||||||||||||||||||||||
| National Institute of Information and Communications Technology | ||||||||||||||||||||||
| 著者所属(英) | ||||||||||||||||||||||
| en | ||||||||||||||||||||||
| Delft University of Technology | ||||||||||||||||||||||
| 著者所属(英) | ||||||||||||||||||||||
| en | ||||||||||||||||||||||
| Delft University of Technology | ||||||||||||||||||||||
| 著者所属(英) | ||||||||||||||||||||||
| en | ||||||||||||||||||||||
| Yokohama National University | ||||||||||||||||||||||
| 著者所属(英) | ||||||||||||||||||||||
| en | ||||||||||||||||||||||
| Yokohama National University | ||||||||||||||||||||||
| 著者名 |
Rui, Tanabe
× Rui, Tanabe
× Tsuyufumi, Watanabe
× Akira, Fujita
× Ryoichi, Isawa
× Carlos, Gañán
× Michel, van Eeten
× Katsunari, Yoshioka
× Tsutomu, Matsumoto
|
|||||||||||||||||||||
| 著者名(英) |
Rui, Tanabe
× Rui, Tanabe
× Tsuyufumi, Watanabe
× Akira, Fujita
× Ryoichi, Isawa
× Carlos, Gañán
× Michel, van Eeten
× Katsunari, Yoshioka
× Tsutomu, Matsumoto
|
|||||||||||||||||||||
| 論文抄録 | ||||||||||||||||||||||
| 内容記述タイプ | Other | |||||||||||||||||||||
| 内容記述 | Large botnets made up of Internet-of-Things (IoT) devices have a steady presence in the threat landscape since 2016. However, it has not explained how attackers maintain control over their botnets. In this paper, we present a long-term analysis of the infrastructure of IoT botnets based on 36 months of data gathered via honeypots and the monitoring of botnet infrastructure. We collected 64,260 IoT malware samples, 35,494 download servers, and 4,736 C&C servers during 2016 to 2021. Not only are most binaries distributed for less than three days, but the connection of bots to the rest of the botnet is also short-lived. To reach the C&C server, the binaries typically contain only a single hard-coded IP address or domain. Long-term dynamic analysis finds no mechanism for the attackers to migrate the bots to a new C&C server. Although malware binaries that use domain names to connect to their C&C servers increased in 2020, the C&C servers themselves have a short lifespan and this tendency has not changed. The picture that emerges is that of highly disposable botnets. IoT botnets are reconstituted from scratch all the time rather than maintained. ------------------------------ This is a preprint of an article intended for publication Journal of Information Processing(JIP). This preprint should not be cited. This article should be cited as: Journal of Information Processing Vol.30(2022) (online) DOI http://dx.doi.org/10.2197/ipsjjip.30.577 ------------------------------ |
|||||||||||||||||||||
| 論文抄録(英) | ||||||||||||||||||||||
| 内容記述タイプ | Other | |||||||||||||||||||||
| 内容記述 | Large botnets made up of Internet-of-Things (IoT) devices have a steady presence in the threat landscape since 2016. However, it has not explained how attackers maintain control over their botnets. In this paper, we present a long-term analysis of the infrastructure of IoT botnets based on 36 months of data gathered via honeypots and the monitoring of botnet infrastructure. We collected 64,260 IoT malware samples, 35,494 download servers, and 4,736 C&C servers during 2016 to 2021. Not only are most binaries distributed for less than three days, but the connection of bots to the rest of the botnet is also short-lived. To reach the C&C server, the binaries typically contain only a single hard-coded IP address or domain. Long-term dynamic analysis finds no mechanism for the attackers to migrate the bots to a new C&C server. Although malware binaries that use domain names to connect to their C&C servers increased in 2020, the C&C servers themselves have a short lifespan and this tendency has not changed. The picture that emerges is that of highly disposable botnets. IoT botnets are reconstituted from scratch all the time rather than maintained. ------------------------------ This is a preprint of an article intended for publication Journal of Information Processing(JIP). This preprint should not be cited. This article should be cited as: Journal of Information Processing Vol.30(2022) (online) DOI http://dx.doi.org/10.2197/ipsjjip.30.577 ------------------------------ |
|||||||||||||||||||||
| 書誌レコードID | ||||||||||||||||||||||
| 収録物識別子タイプ | NCID | |||||||||||||||||||||
| 収録物識別子 | AN00116647 | |||||||||||||||||||||
| 書誌情報 |
情報処理学会論文誌 巻 63, 号 9, 発行日 2022-09-15 |
|||||||||||||||||||||
| ISSN | ||||||||||||||||||||||
| 収録物識別子タイプ | ISSN | |||||||||||||||||||||
| 収録物識別子 | 1882-7764 | |||||||||||||||||||||
| 公開者 | ||||||||||||||||||||||
| 言語 | ja | |||||||||||||||||||||
| 出版者 | 情報処理学会 | |||||||||||||||||||||
Share
Cite as
Rui, Tanabe, Tsuyufumi, Watanabe, Akira, Fujita, Ryoichi, Isawa, Carlos, Gañán, Michel, van Eeten, Katsunari, Yoshioka, Tsutomu, Matsumoto, 2022: 情報処理学会.
Loading...
