IoT sandbox: to analysis IoT malware Zollard

Abstract

As we know, we are already facing IoT threat and under IoT attacks. However, there are only a few discussions on, how to analyze this kind of cyber threat and malwares. In this paper, we propose IoT sandbox which can support different type of CPU architecture. It can be used to analyze IoT malwares, collect network packets, identify spread method and record malwares behaviors. To make sure our IoT sandbox can be functional, we implement it and use the Zollard botnet for experiment. According to our experimental data, we found that at least 71,148 IP have been compromised. Some of them are IoT devices (DVR, Web Camera, Router WiFi Disk, Set-top box) and others are ICS devices (Heat pump and ICS data acquisition server). Based on our IoT sandbox technology, we can discover an IoT malware in an early stage. This could help IT manager or security experts to analysis and determine IDS rules. We hope this research can prevent IoT threat and enhance IoT Security in the near future.