Detection of Mirai by Syntactic and Behavioral Analysis
- 1 October 2018
- conference paper
- Published by Institute of Electrical and Electronics Engineers (IEEE)
- p. 224-235
- https://doi.org/10.1109/issre.2018.00032
Abstract
The largest botnet-driven distributed denial-of-service attacks in history have been carried out by devices infected with the Mirai trojan. To prevent Mirai from spreading, this paper presents and evaluates techniques for classifying binary samples as Mirai based on their syntactic and behavioral properties. Syntactic malware detection is shown to have a good detection rate and no false positives, but to be very easy to circumvent. Behavioral malware detection is resistant to simple obfuscation and has a better detection rate than syntactic detection, while keeping false positives at zero. This paper demonstrates these results and concludes by showing how to combine syntactic and behavioral analysis techniques for the detection of Mirai.
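As an added illustration of the contrast the abstract draws (example code written for this page, not code from the paper or its authors): a byte-signature detector over the raw binary, a trivial XOR string obfuscation that defeats it, and a behavioral rule over a constructed dynamic-analysis trace that still fires on the obfuscated variant while staying silent on a benign one. The signature strings, the ELF-like sample layout, the event format, the telnet ports and the scan threshold are all assumptions chosen for this example, not features, models or data reported in the paper.

```python
"""Syntactic vs behavioral classification of samples, as an illustration.

Everything here is constructed: the signature bytes, the XOR obfuscation,
the event format and the scan threshold are this example's assumptions,
not the paper's features, models or data.
"""
from dataclasses import dataclass

# Illustrative byte signatures a syntactic detector might search for
# verbatim in the binary (assumed for this example, not from the paper).
SYNTACTIC_SIGNATURES = [b"/bin/busybox", b"TELNET-SCAN"]

ELF_MAGIC = b"\x7fELF"


def xor_obfuscate(data: bytes, key: int) -> bytes:
    """Single-byte XOR; applying it twice restores the input."""
    return bytes(b ^ key for b in data)


def syntactic_detect(sample: bytes) -> bool:
    """Flag the sample if any signature occurs verbatim in its bytes."""
    return any(sig in sample for sig in SYNTACTIC_SIGNATURES)


@dataclass(frozen=True)
class Event:
    """One observation from dynamic analysis (constructed format)."""
    kind: str       # "connect", "bind", "exec", ...
    host: str = ""  # remote host for connect events
    port: int = 0


def behavioral_detect(trace, min_targets: int = 8) -> bool:
    """Flag a trace that attempts telnet connections to many distinct hosts.

    The ports (23, 2323) and the threshold are illustrative assumptions.
    """
    targets = {e.host for e in trace
               if e.kind == "connect" and e.port in (23, 2323)}
    return len(targets) >= min_targets


def combined_detect(sample: bytes, trace) -> bool:
    """Cheap syntactic check first; fall back to behavior if it misses."""
    return syntactic_detect(sample) or behavioral_detect(trace)


def classify(sample: bytes, trace) -> dict:
    """Run all three detectors and report their verdicts."""
    return {
        "syntactic": syntactic_detect(sample),
        "behavioral": behavioral_detect(trace),
        "combined": combined_detect(sample, trace),
    }


# --- constructed samples -------------------------------------------------
PLAIN_SAMPLE = ELF_MAGIC + b"\x00" * 16 + b"TELNET-SCAN\x00/bin/busybox\x00"

# Same payload, but the strings are stored XOR-encoded and would be
# decoded at run time, so no signature appears verbatim in the file.
OBFUSCATED_SAMPLE = (ELF_MAGIC + b"\x00" * 16
                     + xor_obfuscate(b"TELNET-SCAN\x00/bin/busybox\x00", 0x5A))

BENIGN_SAMPLE = ELF_MAGIC + b"\x00" * 16 + b"Hello, world\x00"

# --- constructed traces --------------------------------------------------
# Forty distinct hosts probed on telnet ports: the behavior is the same
# whether or not the binary's strings were obfuscated.
SCAN_TRACE = [
    Event("connect", host=f"10.0.0.{i}", port=2323 if i % 10 == 0 else 23)
    for i in range(40)
]
BENIGN_TRACE = [Event("connect", host="10.0.0.1", port=443),
                Event("connect", host="10.0.0.1", port=80)]


if __name__ == "__main__":
    for name, sample, trace in [("plain", PLAIN_SAMPLE, SCAN_TRACE),
                                ("obfuscated", OBFUSCATED_SAMPLE, SCAN_TRACE),
                                ("benign", BENIGN_SAMPLE, BENIGN_TRACE)]:
        print(f"{name:11s} {classify(sample, trace)}")
```

The plain sample is caught by both detectors, the obfuscated sample only by the behavioral rule, and the benign sample by neither, which is the shape of the abstract's result. The combined check orders the cheap syntactic test first so that behavior collection (which needs execution in a sandbox) is only paid for when the signature misses; a real behavioral detector would of course use richer features than a single connection-count rule.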