著者
Yin Minn Pa Pa Shogo Suzuki Katsunari Yoshioka Tsutomu Matsumoto Takahiro Kasama Christian Rossow
出版者
一般社団法人 情報処理学会
雑誌
Journal of Information Processing (ISSN:18826652)
巻号頁・発行日
vol.24, no.3, pp.522-533, 2016 (Released:2016-05-15)
参考文献数
32
被引用文献数
1 123

We analyze the increasing threats against IoT devices. We show that Telnet-based attacks that target IoT devices have rocketed since 2014. Based on this observation, we propose an IoT honeypot and sandbox, which attracts and analyzes Telnet-based attacks against various IoT devices running on different CPU architectures such as ARM, MIPS, and PPC. By analyzing the observation results of our honeypot and captured malware samples, we show that there are currently at least 5 distinct DDoS malware families targeting Telnet-enabled IoT devices and one of the families has quickly evolved to target more devices with as many as 9 different CPU architectures.
著者
Tsutomu Matsumoto Junichi Sakamoto Manami Suzuki Dai Watanabe Naoki Yoshida
出版者
Information Processing Society of Japan
雑誌
Journal of Information Processing (ISSN:18826652)
巻号頁・発行日
vol.31, pp.700-707, 2023 (Released:2023-09-15)
参考文献数
25

The RAM encryption encrypts the data on memory to prevent data leakage from an adversary to eavesdrop the memory space of the target program. The well-known implementation is Intel SGX, whose RAM encryption mechanism is definitely hardware dependent. In contrast, Watanabe et al. proposed a fully software-based RAM encryption scheme (SBRES). In this paper, we developed the tools for embedding the SBRES in C source codes for its practical application. We applied the tools to the source codes of some cryptographic implementations in Mbed TLS and confirmed that the tools successfully embedded the SBRES functionality in the cryptographic implementations.
著者
Takahiro KASAMA Katsunari YOSHIOKA Daisuke INOUE Tsutomu MATSUMOTO
出版者
The Institute of Electronics, Information and Communication Engineers
雑誌
IEICE TRANSACTIONS on Fundamentals of Electronics, Communications and Computer Sciences (ISSN:09168508)
巻号頁・発行日
vol.E96-A, no.1, pp.225-232, 2013-01-01

As the number of new malware has increased explosively, traditional malware detection approaches based on pattern matching have been less effective. Therefore, it is important to develop a detection method which relies on not signatures but characteristic behaviors of malware. Recently, malware authors have been embedding functions for countermeasure against malware analyses and detections into malware. Accordingly, modern malware often changes their runtime behaviors in each execution to tolerate against malware analyses and detections. For example, when malware copies itself on a file system, it can randomly determine its file name for avoiding the detections. Another example is that when malware tries to connect its command and control server, it randomly chooses a domain name from a hard-coded domain name list to avoid being blocked by a static blacklist of malicious domain names. We assume that such evasive behaviors are unnecessary for benign software. Therefore the behaviors can be the clues to distinguish malware from benign software. In this paper, we propose a novel behavior-based malware detection method which focuses attention on such characteristics. Our proposed method conducts dynamic analysis on an executable file multiple times in same sandbox environment so as to obtain plural lists of API call sequences and plural traffic logs, and then compares the lists and the logs to find the difference between the multiple executions. In the experiments with 5,697 malware samples and 819 benign software samples, we can detect about 70% malware samples and the false positive rate is about 1%. In addition, we can detect about 50% malware samples which were not detected by each Anti-Virus Software engine. Therefore we confirm the possibility the proposed method may be able to improve the accuracy of malware detection utilizing in combination with other existing methods.