Identifying and Characterizing Bashlite and Mirai C&C Servers

2019 IEEE Symposium on Computers and Communications (ISCC)(2019)

Abstract
IoT devices are often a vector for assembling massive botnets, as a consequence of being broadly available, having limited security protections, and significant challenges in deploying software upgrades. Such botnets are usually controlled by centralized Command-and-Control (C&C) servers, which need to be identified and taken down to mitigate threats. In this paper we propose a framework to infer C&C server IP addresses using four heuristics. Our heuristics employ static and dynamic analysis to automatically extract information from malware binaries. We use active measurements to validate inferences, and demonstrate the efficacy of our framework by identifying and characterizing C&C servers for 62% of 1050 malware binaries collected using 47 honeypots.
Key words
IoT devices, massive botnets, security protections, software upgrades, C&C server IP addresses, dynamic analysis, active measurements, malware binaries, Bashlite and Mirai C&C servers, centralized command-and-control servers, threat mitigation, static analysis, information extraction