SandBox for IoT Malware analysis (Diseker)

The market of IoT devices has been increasing rapidly in the last few years, adding new devices and tools to homes, adding new tools that can be managed remotely to hospitals and allowing us to monitor our health and security very closely by using wearables and installing cameras in our houses, but...

Descripción completa

Detalles Bibliográficos
Autor: El Azizi, Oussama
Tipo de recurso: tesis de maestría
Fecha de publicación:2020
País:España
Institución:Universitat Oberta de Catalunya (UOC)
Repositorio:O2, repositorio institucional de la UOC
OAI Identifier:oai:openaccess.uoc.edu:10609/128287
Acceso en línea:http://hdl.handle.net/10609/128287
Access Level:acceso abierto
Palabra clave:sandbox
malware
malware analysis
iot
programari maliciós
anàlisi de programari maliciós
análisis de malware
Computer security -- TFM
Seguretat informàtica -- TFM
Seguridad informática -- TFM
Descripción
Sumario:The market of IoT devices has been increasing rapidly in the last few years, adding new devices and tools to homes, adding new tools that can be managed remotely to hospitals and allowing us to monitor our health and security very closely by using wearables and installing cameras in our houses, but the fast and rapid increase of those limited resource devices made the industry start developing new devices without standardization, using weak cryptography systems that can be easily broken due to the limited resources or by deploying devices without the proper services to install them in houses or hospitals (such as cameras and monitorization devices). The lack of standardization, weak security configurations and outdated systems used by the IoT devices in the market, has made the IoT devices an easy target to threat actors which in turn increased the presence of IoT malware on the internet. Those threat actors take advantage of the presence of such security weak devices and use them for attacks such DDoS, mining or spamming. In this project I will be discussing a readapted sandbox for IoT devices that will help security analysts tun malicious code in it and understand it behaviour which will help them extract IOCs and create signatures to protect network and devices from being used maliciously. This sandbox with the name Diseker, was successful of analysing multiple malware instances as well as helped established a pattern performed by most of the malware in the dataset.