文献一覧: Takahiro Kasama (著者)

2 0 0 0 OA IoTPOT: A Novel Honeypot for Revealing Current IoT Threats

著者: Yin Minn Pa Pa Shogo Suzuki Katsunari Yoshioka Tsutomu Matsumoto Takahiro Kasama Christian Rossow
出版者: 一般社団法人情報処理学会
雑誌: Journal of Information Processing (ISSN:18826652)
巻号頁・発行日: vol.24, no.3, pp.522-533, 2016 (Released:2016-05-15)
参考文献数: 32
被引用文献数: 1 124

We analyze the increasing threats against IoT devices. We show that Telnet-based attacks that target IoT devices have rocketed since 2014. Based on this observation, we propose an IoT honeypot and sandbox, which attracts and analyzes Telnet-based attacks against various IoT devices running on different CPU architectures such as ARM, MIPS, and PPC. By analyzing the observation results of our honeypot and captured malware samples, we show that there are currently at least 5 distinct DDoS malware families targeting Telnet-enabled IoT devices and one of the families has quickly evolved to target more devices with as many as 9 different CPU architectures.

2017-04-22 02:31:07
2 + 0 Twitter

1 0 0 0 Catching the Behavioral Differences between Multiple Executions for Malware Detection

著者: Takahiro KASAMA Katsunari YOSHIOKA Daisuke INOUE Tsutomu MATSUMOTO
出版者: The Institute of Electronics, Information and Communication Engineers
雑誌: IEICE TRANSACTIONS on Fundamentals of Electronics, Communications and Computer Sciences (ISSN:09168508)
巻号頁・発行日: vol.E96-A, no.1, pp.225-232, 2013-01-01

As the number of new malware has increased explosively, traditional malware detection approaches based on pattern matching have been less effective. Therefore, it is important to develop a detection method which relies on not signatures but characteristic behaviors of malware. Recently, malware authors have been embedding functions for countermeasure against malware analyses and detections into malware. Accordingly, modern malware often changes their runtime behaviors in each execution to tolerate against malware analyses and detections. For example, when malware copies itself on a file system, it can randomly determine its file name for avoiding the detections. Another example is that when malware tries to connect its command and control server, it randomly chooses a domain name from a hard-coded domain name list to avoid being blocked by a static blacklist of malicious domain names. We assume that such evasive behaviors are unnecessary for benign software. Therefore the behaviors can be the clues to distinguish malware from benign software. In this paper, we propose a novel behavior-based malware detection method which focuses attention on such characteristics. Our proposed method conducts dynamic analysis on an executable file multiple times in same sandbox environment so as to obtain plural lists of API call sequences and plural traffic logs, and then compares the lists and the logs to find the difference between the multiple executions. In the experiments with 5,697 malware samples and 819 benign software samples, we can detect about 70% malware samples and the false positive rate is about 1%. In addition, we can detect about 50% malware samples which were not detected by each Anti-Virus Software engine. Therefore we confirm the possibility the proposed method may be able to improve the accuracy of malware detection utilizing in combination with other existing methods.

2013-01-06 20:06:40
1 + 0 Twitter

http://search.ieice.org/bin/summary.php?id=e96-a_1_225&category=A&year=2013&lang=E&abst=