Tracing MIRAI malware in networked system

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Abstract

In 2021, it is anticipated that there will be approximately 30 billion Internet of Things (IoT) devices. The tremendous aggregate value of the IoT makes it a tempting and lucrative target for cyber criminals. The outbreak of the Mirai malware, which compromises poorly secured IoT devices that still use factory-default usernames and passphrases in order to launch Distributed Denial of Service (DDoS) attacks, has raised broad awareness of the need for increased IoT security. To better defend against Mirai infection and spread, it is critical, as a first step, to know how the malware operates. In this paper, we give a combined static and dynamic analysis of Mirai and, based on its results, introduce the application of Threat Tracer. Threat Tracer is an information system simulator initially developed to help design a system robust against Advanced Persistent Attacks (APT). It offers an intuitive trace of how a cyber threat behaves in a complicated networked system. The feedback simultaneously contributes to revealing vulnerabilities of a system. Our work focuses on replicating the Mirai malware's operating processes in a Threat Tracer simulation. By doing so, we believe it can offer a comprehensible description of how Mirai acts. Also, considering the continuous emergence of Mirai variants, the simulation serves as a predictor of upcoming threats' behavior patterns.

Original language: English
Title of host publication: Proceedings - 2018 6th International Symposium on Computing and Networking Workshops, CANDARW 2018
Publisher: Institute of Electrical and Electronics Engineers Inc.
Pages: 534-538
Number of pages: 5
ISBN (Electronic): 9781538691847
DOIs: https://doi.org/10.1109/CANDARW.2018.00104
Publication status: Published - Dec 26 2018
Event: 6th International Symposium on Computing and Networking Workshops, CANDARW 2018 - Takayama, Japan
Duration: Nov 27 2018 - Nov 30 2018

Publication series

Name: Proceedings - 2018 6th International Symposium on Computing and Networking Workshops, CANDARW 2018

Conference

Conference: 6th International Symposium on Computing and Networking Workshops, CANDARW 2018
Country: Japan
City: Takayama
Period: 11/27/18 - 11/30/18

Fingerprint

Internet of Things
Malware
Tracing
Attack
Denial of Service
Static analysis
Static Analysis
Vulnerability
Dynamic Analysis
Dynamic analysis
Replication
Infection
Industrial plants
Information Systems
Intuitive
Predictors
Simulation
Information systems
Simulator
Simulators

All Science Journal Classification (ASJC) codes

  • Computer Networks and Communications
  • Hardware and Architecture
  • Statistics, Probability and Uncertainty
  • Computer Science Applications

Cite this

Xu, Y., Koide, H., Vargas, D. V., & Sakurai, K. (2018). Tracing MIRAI malware in networked system. In Proceedings - 2018 6th International Symposium on Computing and Networking Workshops, CANDARW 2018 (pp. 534-538). [8590958] (Proceedings - 2018 6th International Symposium on Computing and Networking Workshops, CANDARW 2018). Institute of Electrical and Electronics Engineers Inc.. https://doi.org/10.1109/CANDARW.2018.00104

@inproceedings{24d2ef2e2ac8416782157cfd81870679,
title = "Tracing MIRAI malware in networked system",
author = "Yao Xu and Hiroshi Koide and Vargas, {Danilo Vasconcellos} and Kouichi Sakurai",
year = "2018",
month = "12",
day = "26",
doi = "10.1109/CANDARW.2018.00104",
language = "English",
series = "Proceedings - 2018 6th International Symposium on Computing and Networking Workshops, CANDARW 2018",
publisher = "Institute of Electrical and Electronics Engineers Inc.",
pages = "534--538",
booktitle = "Proceedings - 2018 6th International Symposium on Computing and Networking Workshops, CANDARW 2018",
address = "United States",

}

TY - GEN

T1 - Tracing MIRAI malware in networked system

AU - Xu, Yao

AU - Koide, Hiroshi

AU - Vargas, Danilo Vasconcellos

AU - Sakurai, Kouichi

PY - 2018/12/26

Y1 - 2018/12/26

UR - http://www.scopus.com/inward/record.url?scp=85061452335&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=85061452335&partnerID=8YFLogxK

U2 - 10.1109/CANDARW.2018.00104

DO - 10.1109/CANDARW.2018.00104

M3 - Conference contribution

AN - SCOPUS:85061452335

T3 - Proceedings - 2018 6th International Symposium on Computing and Networking Workshops, CANDARW 2018

SP - 534

EP - 538

BT - Proceedings - 2018 6th International Symposium on Computing and Networking Workshops, CANDARW 2018

PB - Institute of Electrical and Electronics Engineers Inc.

ER -