Abstract

With the increasing use of resource-constrained IoT devices, the number of IoT Botnets has exploded, with many variations and methods of penetration. Recent studies based on machine learning and deep learning have had considerable success in dealing with IoT Botnets, and these studies require relevant data collected during malware execution. For this, the sandbox environment and behavior collection tools play an essential role. However, existing sandboxes do not provide adequate behavior data for IoT Botnets, such as C&C server communication and shared library requirements. Moreover, these sandboxes do not support a wide range of CPU architectures, and data is not exhaustively collected during the runtime of the executable file. In this paper, we present a new practical sandbox, named V-Sandbox, for dynamic analysis of IoT Botnets. This sandbox is an ideal environment in which IoT Botnet samples can exhibit all of their malicious behavior. It supports connections to C&C servers, shared libraries for dynamically linked files, and a wide range of CPU architectures. Experimental results on the 6141 IoT Botnet samples in our dataset demonstrate the effectiveness of the proposed sandbox compared to existing ones. The contribution of this paper is specific to the development of a usable, efficient sandbox for dynamic analysis of resource-constrained IoT devices.

Highlights

  • In recent years, the security of IoT devices has been of great interest to many researchers, since a large number of IoT devices have been attacked and had their vulnerabilities exploited [1]–[6]

  • All of these QEMU virtual machines are connected to a virtual switch for management, providing a simulated network environment as well as the ability to connect to the command and control (C&C) server, monitor network traffic, and add missing libraries

  • The C&C simulator enables communication between the ELF and the C&C server by redirecting the connection through the virtual switch, combined with a set of command lists gathered from the Internet, papers [36], [42], [48], etc.


Summary

Introduction

The security of IoT devices has been of great interest to many researchers, since a large number of IoT devices have been attacked and had their vulnerabilities exploited [1]–[6]. With their rapid growth in number [7] and the limited attention paid to information security [8]–[10], IoT devices have gradually become an attractive target for attackers. In this paper, based on Bencheton’s classification approach [11], IoT devices are divided into resource-constrained and high-capacity ones. We propose a sandbox to deal with resource-constrained IoT devices for the following reasons. Resource-constrained devices have become an attractive target for hackers, with many new variants of Botnets. IoT Botnet detection for these devices remains a big challenge for researchers.
