Building an emulation-based malware detection system for routers (original title: Xây dựng hệ thống phát hiện mã độc trong thiết bị định tuyến dựa trên mô phỏng)
Abstract: Alongside the Fourth Industrial Revolution, networks of IoT devices are growing rapidly. The router, which serves as the core that keeps the interaction between IoT devices stable, has become an attractive target for attackers. This puts at risk not only the security of IoT devices in particular but cyber security in general. In this paper, the authors propose a complete emulation method for collecting a firmware's runtime operation data in order to detect malware in routers.
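The data-collection step the abstract describes, as an added illustration that is not the authors' code: assuming the processes of the emulated firmware are traced with `strace -f -tt` (the paper's own tooling, feature set and classifier are not shown here), the block parses such a trace into a small behaviour feature vector and applies assumed heuristic rules to it. The trace lines and the rule thresholds are constructed for this example.

```python
"""Parse strace-style syscall traces captured from an emulated router firmware
into behaviour features and apply illustrative detection rules.
This is an added example; the paper's own pipeline is not reproduced here."""
import re
from collections import Counter

# Constructed sample in the line format of `strace -f -tt` (pid, timestamp,
# call). Invented for this example; not data from the paper. Process 1234 is a
# normal web daemon, process 1235 behaves like a telnet-scanning worm.
SAMPLE_TRACE = """\
1234 10:00:01.000 execve("/bin/busybox", ["httpd"], 0x7ffd8 /* 3 vars */) = 0
1234 10:00:01.010 socket(AF_INET, SOCK_STREAM, IPPROTO_IP) = 3
1234 10:00:01.011 bind(3, {sa_family=AF_INET, sin_port=htons(80), sin_addr=inet_addr("0.0.0.0")}, 16) = 0
1235 10:00:02.000 open("/dev/watchdog", O_WRONLY) = 4
1235 10:00:02.001 ioctl(4, WDIOC_SETOPTIONS, 0x7ffd0) = 0
1235 10:00:02.100 socket(AF_INET, SOCK_STREAM, IPPROTO_IP) = 5
1235 10:00:02.101 connect(5, {sa_family=AF_INET, sin_port=htons(23), sin_addr=inet_addr("192.0.2.10")}, 16) = -1 EINPROGRESS (Operation now in progress)
1235 10:00:02.102 socket(AF_INET, SOCK_STREAM, IPPROTO_IP) = 6
1235 10:00:02.103 connect(6, {sa_family=AF_INET, sin_port=htons(23), sin_addr=inet_addr("192.0.2.11")}, 16) = -1 EINPROGRESS (Operation now in progress)
1235 10:00:02.104 socket(AF_INET, SOCK_STREAM, IPPROTO_IP) = 7
1235 10:00:02.105 connect(7, {sa_family=AF_INET, sin_port=htons(2323), sin_addr=inet_addr("198.51.100.7")}, 16) = -1 EINPROGRESS (Operation now in progress)
1235 10:00:02.200 kill(1240, SIGKILL) = 0
1235 10:00:02.201 kill(1241, SIGKILL) = 0
"""

# The first three lines alone (the web daemon) serve as a benign control.
BENIGN_TRACE = "\n".join(SAMPLE_TRACE.splitlines()[:3])

LINE_RE = re.compile(
    r'^(?P<pid>\d+)\s+(?P<ts>\S+)\s+(?P<call>\w+)\((?P<args>.*)\)\s*=\s*(?P<ret>.*)$')
PORT_RE = re.compile(r'sin_port=htons\((\d+)\)')
ADDR_RE = re.compile(r'sin_addr=inet_addr\("([\d.]+)"\)')
QUOTED_RE = re.compile(r'"([^"]*)"')   # first quoted argument, e.g. a path

TELNET_PORTS = {23, 2323}
WATCHDOG_PATHS = {"/dev/watchdog", "/dev/misc/watchdog"}


def parse_trace(text):
    """Return (pid, call, args, ret) tuples; malformed lines are skipped."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            events.append((int(m["pid"]), m["call"], m["args"], m["ret"]))
    return events


def extract_features(text):
    """Summarise a trace into syscall counts plus a few network/host features."""
    events = parse_trace(text)
    counts = Counter(call for _, call, _, _ in events)
    dests, telnet_connects, kills, watchdog = set(), 0, 0, False
    for _, call, args, _ in events:
        if call == "connect":
            port, addr = PORT_RE.search(args), ADDR_RE.search(args)
            if port and addr:
                dests.add((addr.group(1), int(port.group(1))))
                telnet_connects += int(port.group(1)) in TELNET_PORTS
        elif call in ("open", "openat"):
            q = QUOTED_RE.search(args)       # open("path",...) / openat(fd,"path",...)
            watchdog |= bool(q) and q.group(1) in WATCHDOG_PATHS
        elif call == "kill":
            kills += 1
    return {
        "syscalls": dict(counts),
        "pids": len({pid for pid, _, _, _ in events}),
        "n_connect_dests": len(dests),
        "telnet_connects": telnet_connects,
        "watchdog_opened": watchdog,
        "kills": kills,
    }


def classify(f):
    """Assumed heuristic rules; thresholds chosen for this illustration only."""
    reasons = []
    if f["telnet_connects"] >= 2 and f["n_connect_dests"] >= 2:
        reasons.append("outbound telnet connections to several hosts (scanner-like)")
    if f["watchdog_opened"]:
        reasons.append("opens the hardware watchdog (reboot-avoidance pattern)")
    if f["kills"] >= 2:
        reasons.append("kills other processes (removal of competing services)")
    return ("suspicious" if reasons else "benign"), reasons


if __name__ == "__main__":
    for name, trace in (("sample", SAMPLE_TRACE), ("benign", BENIGN_TRACE)):
        verdict, why = classify(extract_features(trace))
        print(f"{name}: {verdict}", *why, sep="\n  ")
```

In a real collection run the trace would come from `strace -f -tt -o trace.log` attached to the firmware's init inside the emulator, and the feature vector would feed a learned classifier rather than fixed thresholds; the parser and feature definitions are the part that carries over unchanged.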
Ngô Quốc Dũng, Lê Hải Việt, Trần Hoàng Anh, Lê Văn Hoàng, Nguyễn Việt Anh