{"created":"2025-01-19T01:20:14.187388+00:00","updated":"2025-01-19T13:55:51.516571+00:00","metadata":{"_oai":{"id":"oai:ipsj.ixsq.nii.ac.jp:00220190","sets":["581:10784:10794"]},"path":["10794"],"owner":"44499","recid":"220190","title":["Disposable Botnets: Long-term Analysis of IoT Botnet Infrastructure "],"pubdate":{"attribute_name":"公開日","attribute_value":"2022-09-15"},"_buckets":{"deposit":"348ac7b6-d602-4423-83fd-aeeab739c6e0"},"_deposit":{"id":"220190","pid":{"type":"depid","value":"220190","revision_id":0},"owners":[44499],"status":"published","created_by":44499},"item_title":"Disposable Botnets: Long-term Analysis of IoT Botnet Infrastructure ","author_link":["581488","581497","581490","581492","581494","581498","581503","581500","581499","581496","581501","581495","581493","581489","581491","581502"],"item_titles":{"attribute_name":"タイトル","attribute_value_mlt":[{"subitem_title":"Disposable Botnets: Long-term Analysis of IoT Botnet Infrastructure "},{"subitem_title":"Disposable Botnets: Long-term Analysis of IoT Botnet Infrastructure ","subitem_title_language":"en"}]},"item_keyword":{"attribute_name":"キーワード","attribute_value_mlt":[{"subitem_subject":"[特集:量子時代をみすえたコンピュータセキュリティ技術] Internet-of-Things, IoT malware binary, C&C server, IoT honeypot","subitem_subject_scheme":"Other"}]},"item_type_id":"2","publish_date":"2022-09-15","item_2_text_3":{"attribute_name":"著者所属","attribute_value_mlt":[{"subitem_text_value":"Yokohama National University"},{"subitem_text_value":"Yokohama National University/FUJISOFT Incorporated"},{"subitem_text_value":"National Institute of Information and Communications Technology"},{"subitem_text_value":"National Institute of Information and Communications Technology"},{"subitem_text_value":"Delft University of Technology"},{"subitem_text_value":"Delft University of Technology"},{"subitem_text_value":"Yokohama National University"},{"subitem_text_value":"Yokohama National 
University"}]},"item_2_text_4":{"attribute_name":"著者所属(英)","attribute_value_mlt":[{"subitem_text_value":"Yokohama National University","subitem_text_language":"en"},{"subitem_text_value":"Yokohama National University / FUJISOFT Incorporated","subitem_text_language":"en"},{"subitem_text_value":"National Institute of Information and Communications Technology","subitem_text_language":"en"},{"subitem_text_value":"National Institute of Information and Communications Technology","subitem_text_language":"en"},{"subitem_text_value":"Delft University of Technology","subitem_text_language":"en"},{"subitem_text_value":"Delft University of Technology","subitem_text_language":"en"},{"subitem_text_value":"Yokohama National University","subitem_text_language":"en"},{"subitem_text_value":"Yokohama National University","subitem_text_language":"en"}]},"item_language":{"attribute_name":"言語","attribute_value_mlt":[{"subitem_language":"eng"}]},"publish_status":"0","weko_shared_id":-1,"item_file_price":{"attribute_name":"Billing file","attribute_type":"file","attribute_value_mlt":[{"url":{"url":"https://ipsj.ixsq.nii.ac.jp/record/220190/files/IPSJ-JNL6309006.pdf","label":"IPSJ-JNL6309006.pdf"},"date":[{"dateType":"Available","dateValue":"2024-09-15"}],"format":"application/pdf","billing":["billing_file"],"filename":"IPSJ-JNL6309006.pdf","filesize":[{"value":"5.6 MB"}],"mimetype":"application/pdf","priceinfo":[{"tax":["include_tax"],"price":"0","billingrole":"5"},{"tax":["include_tax"],"price":"0","billingrole":"6"},{"tax":["include_tax"],"price":"0","billingrole":"8"},{"tax":["include_tax"],"price":"0","billingrole":"44"}],"accessrole":"open_date","version_id":"1f361b55-f85c-4cca-af5c-c0e40424f257","displaytype":"detail","licensetype":"license_note","license_note":"Copyright (c) 2022 by the Information Processing Society of Japan"}]},"item_2_creator_5":{"attribute_name":"著者名","attribute_type":"creator","attribute_value_mlt":[{"creatorNames":[{"creatorName":"Rui, 
Tanabe"}],"nameIdentifiers":[{}]},{"creatorNames":[{"creatorName":"Tsuyufumi, Watanabe"}],"nameIdentifiers":[{}]},{"creatorNames":[{"creatorName":"Akira, Fujita"}],"nameIdentifiers":[{}]},{"creatorNames":[{"creatorName":"Ryoichi, Isawa"}],"nameIdentifiers":[{}]},{"creatorNames":[{"creatorName":"Carlos, Gañán"}],"nameIdentifiers":[{}]},{"creatorNames":[{"creatorName":"Michel, van Eeten"}],"nameIdentifiers":[{}]},{"creatorNames":[{"creatorName":"Katsunari, Yoshioka"}],"nameIdentifiers":[{}]},{"creatorNames":[{"creatorName":"Tsutomu, Matsumoto"}],"nameIdentifiers":[{}]}]},"item_2_creator_6":{"attribute_name":"著者名(英)","attribute_type":"creator","attribute_value_mlt":[{"creatorNames":[{"creatorName":"Rui, Tanabe","creatorNameLang":"en"}],"nameIdentifiers":[{}]},{"creatorNames":[{"creatorName":"Tsuyufumi, Watanabe","creatorNameLang":"en"}],"nameIdentifiers":[{}]},{"creatorNames":[{"creatorName":"Akira, Fujita","creatorNameLang":"en"}],"nameIdentifiers":[{}]},{"creatorNames":[{"creatorName":"Ryoichi, Isawa","creatorNameLang":"en"}],"nameIdentifiers":[{}]},{"creatorNames":[{"creatorName":"Carlos, Gañán","creatorNameLang":"en"}],"nameIdentifiers":[{}]},{"creatorNames":[{"creatorName":"Michel, van Eeten","creatorNameLang":"en"}],"nameIdentifiers":[{}]},{"creatorNames":[{"creatorName":"Katsunari, Yoshioka","creatorNameLang":"en"}],"nameIdentifiers":[{}]},{"creatorNames":[{"creatorName":"Tsutomu, Matsumoto","creatorNameLang":"en"}],"nameIdentifiers":[{}]}]},"item_2_source_id_9":{"attribute_name":"書誌レコードID","attribute_value_mlt":[{"subitem_source_identifier":"AN00116647","subitem_source_identifier_type":"NCID"}]},"item_resource_type":{"attribute_name":"資源タイプ","attribute_value_mlt":[{"resourceuri":"http://purl.org/coar/resource_type/c_6501","resourcetype":"journal 
article"}]},"item_2_publisher_15":{"attribute_name":"公開者","attribute_value_mlt":[{"subitem_publisher":"情報処理学会","subitem_publisher_language":"ja"}]},"item_2_source_id_11":{"attribute_name":"ISSN","attribute_value_mlt":[{"subitem_source_identifier":"1882-7764","subitem_source_identifier_type":"ISSN"}]},"item_2_description_7":{"attribute_name":"論文抄録","attribute_value_mlt":[{"subitem_description":"Large botnets made up of Internet-of-Things (IoT) devices have had a steady presence in the threat landscape since 2016. However, it has not been explained how attackers maintain control over their botnets. In this paper, we present a long-term analysis of the infrastructure of IoT botnets based on 36 months of data gathered via honeypots and the monitoring of botnet infrastructure. We collected 64,260 IoT malware samples, 35,494 download servers, and 4,736 C&C servers during 2016 to 2021. Not only are most binaries distributed for less than three days, but the connection of bots to the rest of the botnet is also short-lived. To reach the C&C server, the binaries typically contain only a single hard-coded IP address or domain. Long-term dynamic analysis finds no mechanism for the attackers to migrate the bots to a new C&C server. Although malware binaries that use domain names to connect to their C&C servers increased in 2020, the C&C servers themselves have a short lifespan and this tendency has not changed. The picture that emerges is that of highly disposable botnets. IoT botnets are reconstituted from scratch all the time rather than maintained.\n------------------------------\nThis is a preprint of an article intended for publication in the Journal of\nInformation Processing (JIP). This preprint should not be cited. 
This\narticle should be cited as: Journal of Information Processing Vol.30(2022) (online)\nDOI http://dx.doi.org/10.2197/ipsjjip.30.577\n------------------------------","subitem_description_type":"Other"}]},"item_2_description_8":{"attribute_name":"論文抄録(英)","attribute_value_mlt":[{"subitem_description":"Large botnets made up of Internet-of-Things (IoT) devices have had a steady presence in the threat landscape since 2016. However, it has not been explained how attackers maintain control over their botnets. In this paper, we present a long-term analysis of the infrastructure of IoT botnets based on 36 months of data gathered via honeypots and the monitoring of botnet infrastructure. We collected 64,260 IoT malware samples, 35,494 download servers, and 4,736 C&C servers during 2016 to 2021. Not only are most binaries distributed for less than three days, but the connection of bots to the rest of the botnet is also short-lived. To reach the C&C server, the binaries typically contain only a single hard-coded IP address or domain. Long-term dynamic analysis finds no mechanism for the attackers to migrate the bots to a new C&C server. Although malware binaries that use domain names to connect to their C&C servers increased in 2020, the C&C servers themselves have a short lifespan and this tendency has not changed. The picture that emerges is that of highly disposable botnets. IoT botnets are reconstituted from scratch all the time rather than maintained.\n------------------------------\nThis is a preprint of an article intended for publication in the Journal of\nInformation Processing (JIP). This preprint should not be cited. 
This\narticle should be cited as: Journal of Information Processing Vol.30(2022) (online)\nDOI http://dx.doi.org/10.2197/ipsjjip.30.577\n------------------------------","subitem_description_type":"Other"}]},"item_2_biblio_info_10":{"attribute_name":"書誌情報","attribute_value_mlt":[{"bibliographic_titles":[{"bibliographic_title":"情報処理学会論文誌"}],"bibliographicIssueDates":{"bibliographicIssueDate":"2022-09-15","bibliographicIssueDateType":"Issued"},"bibliographicIssueNumber":"9","bibliographicVolumeNumber":"63"}]},"relation_version_is_last":true,"weko_creator_id":"44499"},"id":220190,"links":{}}