eprintid: 3761
rev_number: 10
eprint_status: archive
userid: 274
dir: disk0/00/00/37/61
datestamp: 2019-12-09 09:25:38
lastmod: 2019-12-09 09:25:38
status_changed: 2019-12-09 09:25:38
type: article
metadata_visibility: show
creators_name: Tran, Nghi Phu
creators_name: Ngo, Quoc Dung
creators_name: Le, Van Hoang
creators_name: Nguyen, Dai Tho
creators_name: Nguyen, Ngoc Binh
creators_id: tnphvan@gmail.com
creators_id: nguyendaitho@vnu.edu.vn
creators_id: nnbinh@vnu.edu.vn
corp_creators: VNU University of Engineering and Technology
corp_creators: People’s Security Academy
title: A System Emulation for Malware Detection in Routers
ispublished: pub
subjects: IT
subjects: Scopus
divisions: fac_fit
abstract: Nowadays there is much discussion of the fourth industrial revolution, which combines real physical and virtual systems (cyber-physical systems), the Internet of Things (IoT) and the Internet of Services (IoS). Alongside this revolution comes the rapid growth of malicious code targeting IoT devices, which puts at risk not only the privacy of personal information but also network security in general. In this paper we propose C500-toolkit, a novel tool for malware detection in commercial-off-the-shelf (COTS) routers based on a dynamic analysis approach. The main contribution of C500-toolkit is an environment that fully emulates a router firmware image, including both the operating system and the web interface. To show the advantages of C500-toolkit, experiments with the embedded malware Linux/TheMoon and Linux/Mirai are presented.
date: 2019-09
date_type: published
publisher: Blue Eyes Intelligence Engineering & Sciences Publication
official_url: https://www.ijitee.org/
id_number: J99090881019/2019©BEIESP
full_text_status: public
publication: International Journal of Innovative Technology and Exploring Engineering (IJITEE)
volume: 8
number: 11
pagerange: 32-40
refereed: TRUE
issn: 2278-3075
related_url_url: https://www.ijitee.org/wp-content/uploads/papers/v8i11/J99090881019.pdf
referencetext:
  1. Kevin Ashton. That 'Internet of Things' thing. RFID Journal 22(7) (2009): 97-114.
  2. The Internet of Things: How the next evolution of the Internet is changing everything. URL http://www.cisco.com/
  3. Yan Shoshitaishvili, Ruoyu Wang, Christophe Hauser, Christopher Kruegel and Giovanni Vigna. Firmalice: Automatic Detection of Authentication Bypass Vulnerabilities in Binary Firmware. NDSS, 2015.
  4. Colin Tankard. The security issues of the Internet of Things. Computer Fraud & Security 2015(9): 11-14.
  5. Elisa Bertino and Nayeem Islam. Botnets and Internet of Things Security. Computer (IEEE Computer Society), 2017, pp. 76-79. https://doi.org/10.1109/MC.2017.62
  6. P. Beckett. GDPR compliance: your tech department's next big opportunity. Computer Fraud & Security 2017(5): 9-13.
  7. OWASP Internet of Things Top 10 Project. URL www.owasp.org/
  8. Pavel Celeda, Radek Krejci and Vojtech Krmicek. Revealing and Analysing Modem Malware. IEEE International Conference on Communications (ICC), Ottawa, ON, Canada, 2012, pp. 971-975. https://doi.org/10.1109/ICC.2012.6364598
  9. Drew Davidson, Benjamin Moench, Thomas Ristenpart and Somesh Jha. FIE on Firmware: Finding Vulnerabilities in Embedded Systems Using Symbolic Execution. USENIX Security Symposium, 2013, pp. 463-478.
  10. Andrei Costin, Jonas Zaddach, Aurélien Francillon and Davide Balzarotti. A Large-Scale Analysis of the Security of Embedded Firmwares. Proceedings of the 23rd USENIX Security Symposium, 2014, pp. 95-110. [Online]. Available: https://www.usenix.org/conference/usenixsecurity14/technical-sessions/presentation/costin
  11. Yan Shoshitaishvili, Ruoyu Wang, Christophe Hauser, Christopher Kruegel and Giovanni Vigna. Firmalice: Automatic Detection of Authentication Bypass Vulnerabilities in Binary Firmware. NDSS, 2015.
  12. Daming Chen, Manuel Egele, Maverick Woo and David Brumley. Towards Automated Dynamic Analysis for Linux-based Embedded Firmware. Carnegie Mellon University, 2015.
  13. Christopher Kruegel and Yan Shoshitaishvili. Using Static Binary Analysis to Find Vulnerabilities and Backdoors in Firmware. Black Hat USA, 2015.
  14. Andrei Costin, Apostolis Zarras and Aurélien Francillon. Automated Dynamic Firmware Analysis at Scale: A Case Study on Embedded Web Interfaces. Proceedings of the 11th ACM Asia Conference on Computer and Communications Security, ACM, 2016, pp. 437-448.
  15. QEMU. URL http://www.qemu.org/
  16. Kai-Chi Chang, Raylin Tso and Min-Chun Tsai. IoT Sandbox: To Analysis IoT Malware Zollard. International Conference on Internet of Things and Cloud Computing, 2017, pp. 4-12.
  17. Yin Minn Pa Pa, Shogo Suzuki, Katsunari Yoshioka, Tsutomu Matsumoto, Takahiro Kasama and Christian Rossow. IoTPOT: A Novel Honeypot for Revealing Current IoT Threats. Journal of Information Processing 24(3) (2016): 522-533. https://doi.org/10.2197/ipsjjip.24.522
  18. Suspected Mass Exploit Against Linksys E1000 / E1200 Routers. SANS Internet Storm Center. Available at: https://isc.sans.edu/forums/diary/Suspected+Mass+Exploit+Against+Linksys+E1000+E1200+Routers/17621/
  19. Ahmad Darki, Chun-Yu Chuang, Michalis Faloutsos, Zhiyun Qian and Heng Yin. RARE: A Systematic Augmented Router Emulation for Malware Analysis. In Passive and Active Measurement, edited by Robert Beverly, Georgios Smaragdakis and Anja Feldmann, pp. 60-72. Lecture Notes in Computer Science. Springer International Publishing, 2018.
  20. Frederic Leens. An Introduction to I2C and SPI Protocols. IEEE Instrumentation & Measurement Magazine 12(1) (February 2009): 8-13. https://doi.org/10.1109/MIM.2009.4762946
  21. E. Volpi, F. Sechi, T. Cecchini, F. Battini, L. Bacciarelli, L. Fanucci and M. Marinis. System Study for a Head-Up Display Based on a Flexible Sensor Interface. In Sensors and Microsystems, edited by Piero Malcovati, Andrea Baschirotto, Arnaldo Amico and Corrado Natale, pp. 413-417. Lecture Notes in Electrical Engineering. Springer Netherlands, 2010.
  22. Firmware Mod Kit. URL https://code.google.com/archive/p/firmware-mod-kit
  24. Binwalk. URL http://binwalk.org/
  25. Tran Nghi Phu, Nguyen Ngoc Binh, Ngo Quoc Dung and Le Van Hoang. Towards Malware Detection in Routers with C500-Toolkit. 2017 5th International Conference on Information and Communication Technology (ICoIC7), 2017, pp. 1-5. https://doi.org/10.1109/ICoICT.2017.8074691
  26. BusyBox. URL https://www.busybox.net/
  27. TheMoon malware. URL https://www.sans.org/
  28. Mirai malware source code. URL https://github.com/jgamblin/Mirai-Source-Code
  29. T. Pultarova. Webcam hack shows vulnerability of connected devices. Engineering & Technology 11(11) (2016): 10.
citation: Tran, Nghi Phu and Ngo, Quoc Dung and Le, Van Hoang and Nguyen, Dai Tho and Nguyen, Ngoc Binh (2019) A System Emulation for Malware Detection in Routers. International Journal of Innovative Technology and Exploring Engineering (IJITEE), 8 (11). pp. 32-40. ISSN 2278-3075
document_url: https://eprints.uet.vnu.edu.vn/eprints/id/eprint/3761/1/J99090881019.pdf
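The abstract describes full emulation of a router firmware image (operating system plus web interface) as the basis for dynamic analysis. Before any emulation can start, the analyst has to establish the image layout: which architecture the kernel was built for (this decides the qemu-system binary), whether the image is intact, and where the root filesystem begins. The Python script below is an added example written for this record; it is not code from the paper or from C500-toolkit. It parses the U-Boot legacy (uImage) header found at the front of many COTS router images, verifies both CRC32 fields, scans for common filesystem and compressor signatures (a small version of what Binwalk does), and maps the header's architecture code to candidate QEMU system emulators. The sample image it runs on is constructed inline and is not a real vendor firmware; the QEMU_SYSTEM mapping and the SIGNATURES table are assumptions made for illustration.

```python
import struct
import zlib

UIMAGE_MAGIC = 0x27051956
UIMAGE_HDR = struct.Struct(">7I4B32s")  # 64-byte big-endian U-Boot legacy header

# Subset of the U-Boot image.h code tables (only values relevant to routers).
IH_ARCH = {2: "arm", 3: "x86", 5: "mips", 6: "mips64", 7: "powerpc", 22: "aarch64"}
IH_COMP = {0: "none", 1: "gzip", 2: "bzip2", 3: "lzma", 4: "lzo"}

# Candidate qemu-system binaries per header arch (assumption for illustration).
# The header records no MIPS endianness, so both variants are listed.
QEMU_SYSTEM = {
    "arm": ["qemu-system-arm"], "aarch64": ["qemu-system-aarch64"],
    "mips": ["qemu-system-mips", "qemu-system-mipsel"],
    "mips64": ["qemu-system-mips64", "qemu-system-mips64el"],
    "powerpc": ["qemu-system-ppc"], "x86": ["qemu-system-i386"],
}

# Signatures that commonly mark a root filesystem or compressed blob in COTS
# router images (the idea Binwalk applies with a far larger table).
SIGNATURES = {
    b"hsqs": "squashfs (little-endian)",
    b"sqsh": "squashfs (big-endian)",
    b"\x1f\x8b\x08": "gzip stream",
    b"\x5d\x00\x00": "lzma stream (properties byte 0x5d)",
}


def build_uimage(payload, arch, comp, name, load=0x80000000, ep=0x80000000,
                 os_code=5, img_type=2):
    """Wrap payload in a uImage header with valid CRCs (used to build the sample)."""
    dcrc = zlib.crc32(payload) & 0xFFFFFFFF
    fields = [UIMAGE_MAGIC, 0, 0, len(payload), load, ep, dcrc,
              os_code, arch, img_type, comp, name.encode()]
    # ih_hcrc is the CRC32 of the header computed with the hcrc field zeroed
    fields[1] = zlib.crc32(UIMAGE_HDR.pack(*fields)) & 0xFFFFFFFF
    return UIMAGE_HDR.pack(*fields) + payload


def parse_uimage(blob, offset=0):
    """Parse and CRC-check the uImage header at offset; ValueError if absent."""
    raw = blob[offset:offset + UIMAGE_HDR.size]
    if len(raw) < UIMAGE_HDR.size:
        raise ValueError("blob too short for a uImage header")
    (magic, hcrc, _mtime, size, load, ep, dcrc,
     os_code, arch, _type, comp, name) = UIMAGE_HDR.unpack(raw)
    if magic != UIMAGE_MAGIC:
        raise ValueError(f"no uImage magic at offset {offset:#x}")
    data_off = offset + UIMAGE_HDR.size
    data = blob[data_off:data_off + size]
    return {
        "arch": IH_ARCH.get(arch, f"unknown({arch})"),
        "comp": IH_COMP.get(comp, f"unknown({comp})"),
        "os_linux": os_code == 5,
        "name": name.rstrip(b"\0").decode(errors="replace"),
        "load": load, "entry": ep, "size": size, "data_offset": data_off,
        "hcrc_ok": (zlib.crc32(raw[:4] + b"\0\0\0\0" + raw[8:]) & 0xFFFFFFFF) == hcrc,
        "dcrc_ok": len(data) == size and (zlib.crc32(data) & 0xFFFFFFFF) == dcrc,
    }


def scan_signatures(blob, start=0):
    """Return sorted (offset, description) for every known signature at/after start."""
    hits = []
    for sig, desc in SIGNATURES.items():
        pos = blob.find(sig, start)
        while pos != -1:
            hits.append((pos, desc))
            pos = blob.find(sig, pos + 1)
    return sorted(hits)


def emulation_plan(blob):
    """Header -> qemu candidates, kernel byte range and the likely rootfs start."""
    info = parse_uimage(blob)
    if not (info["hcrc_ok"] and info["dcrc_ok"]):
        raise ValueError("uImage CRC mismatch: truncated or modified image")
    kernel_end = info["data_offset"] + info["size"]
    # the first filesystem signature after the kernel payload is the rootfs candidate
    fs_hits = [h for h in scan_signatures(blob, kernel_end) if "fs" in h[1]]
    return {
        "qemu": QEMU_SYSTEM.get(info["arch"], []),
        "kernel_comp": info["comp"],
        "kernel_range": (info["data_offset"], kernel_end),
        "rootfs_offset": fs_hits[0][0] if fs_hits else None,
        "rootfs_type": fs_hits[0][1] if fs_hits else None,
    }


# Constructed sample, not a real vendor image: a fake gzip'd MIPS kernel in a
# uImage wrapper, padded to a 64 KiB flash erase block, then a fake LE squashfs.
FAKE_KERNEL = b"\x1f\x8b\x08\x00" + b"\x00" * 6 + b"kernel-bytes" * 16
FAKE_ROOTFS = b"hsqs" + b"\x00" * 28 + b"/bin/busybox" + b"\x00" * 64
SAMPLE_FIRMWARE = (build_uimage(FAKE_KERNEL, arch=5, comp=1, name="Linux-2.6.36")
                   .ljust(0x10000, b"\xff") + FAKE_ROOTFS)

if __name__ == "__main__":
    print(emulation_plan(SAMPLE_FIRMWARE))
```

Two caveats apply to real images. The uImage header carries no endianness for MIPS, so both qemu-system-mips and qemu-system-mipsel are returned and the right one has to be picked from an ELF header inside the extracted root filesystem (for example /bin/busybox) or by trial. Many vendors also prepend a proprietary wrapper, so the uImage magic may sit at a non-zero offset that a signature scan must locate first. The CRC check is worth keeping in the pipeline: a truncated download or a tampered image should be rejected before it reaches the emulator, where a failed boot is far harder to diagnose.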