Mirai恶意软件分析

2017 25th International Conference on Software, Telecommunications and Computer Networks (SoftCOM) Pub Date : 2017-09-01 DOI:10.23919/SOFTCOM.2017.8115504

Hamdija Sinanovic, S. Mrdović

{"title":"Mirai恶意软件分析","authors":"Hamdija Sinanovic, S. Mrdović","doi":"10.23919/SOFTCOM.2017.8115504","DOIUrl":null,"url":null,"abstract":"This paper tries to shed more light on Mirai malware, with an aim to facilitate its easier detection and prevention. This malware was used in several recent high profile DDoS attacks. Mirai is used to create and control botnet of IoT devices. The code of this malware is analysed and explanation of its parts provided. Virtual environment for dynamic analysis of Mirai is created. Special settings that were needed to install, start and use Mirai in this environment are explained. Mirai CNC user environment with list of commands is presented. Controlled DDoS attack was successfully executed. Traffic generated during controlled attacks was used to generate signature for Mirai detection. Conclusion of static and dynamic analysis is given together with some mitigation advices.","PeriodicalId":189860,"journal":{"name":"2017 25th International Conference on Software, Telecommunications and Computer Networks (SoftCOM)","volume":"147 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2017-09-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"65","resultStr":"{\"title\":\"Analysis of Mirai malicious software\",\"authors\":\"Hamdija Sinanovic, S. Mrdović\",\"doi\":\"10.23919/SOFTCOM.2017.8115504\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"This paper tries to shed more light on Mirai malware, with an aim to facilitate its easier detection and prevention. This malware was used in several recent high profile DDoS attacks. Mirai is used to create and control botnet of IoT devices. The code of this malware is analysed and explanation of its parts provided. Virtual environment for dynamic analysis of Mirai is created. Special settings that were needed to install, start and use Mirai in this environment are explained. Mirai CNC user environment with list of commands is presented. Controlled DDoS attack was successfully executed. Traffic generated during controlled attacks was used to generate signature for Mirai detection. Conclusion of static and dynamic analysis is given together with some mitigation advices.\",\"PeriodicalId\":189860,\"journal\":{\"name\":\"2017 25th International Conference on Software, Telecommunications and Computer Networks (SoftCOM)\",\"volume\":\"147 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2017-09-01\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"65\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"2017 25th International Conference on Software, Telecommunications and Computer Networks (SoftCOM)\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.23919/SOFTCOM.2017.8115504\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"2017 25th International Conference on Software, Telecommunications and Computer Networks (SoftCOM)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.23919/SOFTCOM.2017.8115504","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 65

摘要

本文试图揭示更多的Mirai恶意软件，目的是促进其更容易的检测和预防。这个恶意软件被用在了最近几次引人注目的DDoS攻击中。Mirai用于创建和控制物联网设备的僵尸网络。对该恶意软件的代码进行了分析，并对其各部分进行了说明。创建了Mirai动态分析的虚拟环境。说明了在这种环境中安装、启动和使用Mirai所需的特殊设置。给出了带有命令列表的Mirai CNC用户环境。受控DDoS攻击成功。利用受控攻击产生的流量生成签名进行Mirai检测。给出了静力和动力分析的结论，并提出了相应的改进建议。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

查看原文本刊更多论文

Analysis of Mirai malicious software

This paper tries to shed more light on Mirai malware, with an aim to facilitate its easier detection and prevention. This malware was used in several recent high profile DDoS attacks. Mirai is used to create and control botnet of IoT devices. The code of this malware is analysed and explanation of its parts provided. Virtual environment for dynamic analysis of Mirai is created. Special settings that were needed to install, start and use Mirai in this environment are explained. Mirai CNC user environment with list of commands is presented. Controlled DDoS attack was successfully executed. Traffic generated during controlled attacks was used to generate signature for Mirai detection. Conclusion of static and dynamic analysis is given together with some mitigation advices.

求助全文

通过发布文献求助，成功后即可免费获取论文全文。去求助

来源期刊

2017 25th International Conference on Software, Telecommunications and Computer Networks (SoftCOM)

自引率

0.00%

发文量