Tamer: A Sandbox for Facilitating and Automating IoT Malware Analysis with Techniques to Elicit Malicious Behavior

Shun Yonamine, Yuzo Taenaka, Youki Kadobayashi

2022

Abstract

As malware poses a significant threat to IoT devices, the technology to combat IoT malware, like sandbox, has not received enough attention. The majority of efforts in existing researches have focused on x86-flavored binaries that are not used for IoT devices. In fact, we have witnessed that many samples of IoT malware that can be observed in the wild are ARM binaries. In this paper, we propose a novel sandbox for analyzing Linux malware including IoT malware. Our sandbox system, called Tamer, supports dynamic analysis for ARM binaries and has some features to automate and facilitate IoT malware analysis, like the automated interaction mechanism and the fake network environment for dynamic analysis. In addition, our system adopts features, like dynamic binary instrumentation and virtual machine introspection, which may allow retrieving further insights from malware. With the dataset of real-world malware, we demonstrated that our sandbox system can analyze IoT malware which is specifically designed for infecting IoT devices. Through an analysis experiment on a large number of IoT malware samples, we demonstrate a possibility that our system could facilitate a large scale analysis in an automated manner and retrieve further insights from IoT malware.

Download


Paper Citation


in Harvard Style

Yonamine S., Taenaka Y. and Kadobayashi Y. (2022). Tamer: A Sandbox for Facilitating and Automating IoT Malware Analysis with Techniques to Elicit Malicious Behavior. In Proceedings of the 8th International Conference on Information Systems Security and Privacy - Volume 1: ForSE, ISBN 978-989-758-553-1, pages 677-687. DOI: 10.5220/0010968300003120


in Bibtex Style

@conference{forse22,
author={Shun Yonamine and Yuzo Taenaka and Youki Kadobayashi},
title={Tamer: A Sandbox for Facilitating and Automating IoT Malware Analysis with Techniques to Elicit Malicious Behavior},
booktitle={Proceedings of the 8th International Conference on Information Systems Security and Privacy - Volume 1: ForSE,},
year={2022},
pages={677-687},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0010968300003120},
isbn={978-989-758-553-1},
}


in EndNote Style

TY - CONF

JO - Proceedings of the 8th International Conference on Information Systems Security and Privacy - Volume 1: ForSE,
TI - Tamer: A Sandbox for Facilitating and Automating IoT Malware Analysis with Techniques to Elicit Malicious Behavior
SN - 978-989-758-553-1
AU - Yonamine S.
AU - Taenaka Y.
AU - Kadobayashi Y.
PY - 2022
SP - 677
EP - 687
DO - 10.5220/0010968300003120