PsybOt malware: A step-by-step decompilation case study

Ďurfina, Lukáš; Křoustek, Jakub; Zemek, Petr

doi:10.1109/wcre.2013.6671321

Cited by 22 publications

(13 citation statements)

References 4 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Forensic analysis of devices infected by Mirai botnet is provided by Zhang et al [98]. Other botnet studies include analysis on Chuck Norris botnet byČeleda et al [99], [100], Dofloo/Spike botnet by Bohio et al [101], Psyb0t analysis by Durfina et al [102], and Baume et al [103]. IoT security-specific survey was presented by Pajouh et al [104], intrusion detection system specific IoT review was provided by Khraisat et al [105], DDoS attack mitigating intrusion detection systems are surveyed by Mishra et al in [106].…”

Section: Related Workmentioning

confidence: 99%

A Survey on Cross-Architectural IoT Malware Threat Hunting

et al. 2021

View full text Add to dashboard Cite

In recent years, the increase in non-Windows malware threats had turned the focus of the cybersecurity community. Research works on hunting Windows PE-based malwares are maturing, whereas the developments on Linux malware threat hunting are relatively scarce. With the advent of the Internet of Things (IoT) era, smart devices that are getting integrated into human life have become a hackers' highway for their malicious activities. The IoT devices employ various Unix-based architectures that follow ELF (Executable and Linkable Format) as their standard binary file specification. This study aims at providing a comprehensive survey on the latest developments in cross-architectural IoT malware detection and classification approaches. Aided by a modern taxonomy, we discuss the feature representations, feature extraction techniques, and machine learning models employed in the surveyed works. We further provide more insights on the practical challenges involved in cross-architectural IoT malware threat hunting and discuss various avenues to instill potential future research.

show abstract

Section: Related Workmentioning

confidence: 99%

A Survey on Cross-Architectural IoT Malware Threat Hunting

et al. 2021

View full text Add to dashboard Cite

show abstract

“…Converting binaries to source code: A complementary approach is to try to generate the source code from the binary, but this is a very hard task. Some works [18,19] focus on reverse engineering of the malware binary to a high-level language representation, but not source code. Some other efforts [11,27,56] introduce binary decompilation into readable source code.…”

Section: Related Workmentioning

confidence: 99%

SourceFinder: Finding Malware Source-Code from Publicly Available Repositories

Rokon,

Islam,

Darki

et al. 2020

Preprint

View full text Add to dashboard Cite

Where can we find malware source code? This question is motivated by a real need: there is a dearth of malware source code, which impedes various types of security research. Our work is driven by the following insight: public archives, like GitHub, have a surprising number of malware repositories. Capitalizing on this opportunity, we propose, SourceFinder, a supervised-learning approach to identify repositories of malware source code efficiently. We evaluate and apply our approach using 97K repositories from GitHub. First, we show that our approach identifies malware repositories with 89% precision and 86% recall using a labeled dataset. Second, we use SourceFinder to identify 7504 malware source code repositories, which arguably constitutes the largest malware source code database. Finally, we study the fundamental properties and trends of the malware repositories and their authors. The number of such repositories appears to be growing by an order of magnitude every 4 years, and 18 malware authors seem to be "professionals" with well-established online reputation. We argue that our approach and our large repository of malware source code can be a catalyst for research studies, which are currently not possible.

show abstract

“…3, IoT botnets are performing many attacks. In this section, an IoT botnet comparison is done at Table 5 based on model architecture, attacks, target, operation, and propagation [6,[13][14][15][16][17][18][19][20][21][22][23]28]. Table 5 lists the botnets analyzed in this work along with their topology, targets, types of attacks and the infection/operation stages studied in Sect.…”

Section: Related Workmentioning

confidence: 99%

IoT Botnets

Beltrán-García¹,

Aguirre-Anaya²,

Escamilla-Ambrosio³

et al. 2019

Communications in Computer and Information Science

View full text Add to dashboard Cite

This paper presents a comprehensive state-of-art review that discusses the IoT botnet behaviour, including topology and communication between botmaster and bots, thus is possible to make a comparison of IoT botnets, based on their topology, type of attack, target, kind of propagation and operation. In several investigations, it is explained that a significant problem is an increase in the development of IoT botnets, such as attacks like DDoS. To this aim, understanding the behaviour of the IoT botnets could be helpful to prevent them.

show abstract

PsybOt malware: A step-by-step decompilation case study

Cited by 22 publications

References 4 publications

A Survey on Cross-Architectural IoT Malware Threat Hunting

A Survey on Cross-Architectural IoT Malware Threat Hunting

SourceFinder: Finding Malware Source-Code from Publicly Available Repositories

IoT Botnets

Contact Info

Product

Resources

About