Intrusion Artifact Acquisition Method based on IoT Botnet Malware

Intrusion Incident Artifact Collection Method Based on IoT Botnet Malware

  • Hyung-Woo Lee (이형우), Division of Computer Engineering, Hanshin University
  • Received : 2021.06.24
  • Accepted : 2021.08.24
  • Published : 2021.09.30

Abstract

With the rapid increase in the use of IoT and mobile devices, cyber criminals targeting IoT devices are also on the rise. Among IoT devices, wireless access points (APs) in particular show problems such as packets being exposed to the outside because of the device's own security vulnerabilities, or the device being easily infected with malicious code such as bots and generating DDoS attack traffic. Therefore, in this study, in order to respond actively to the rapidly increasing cyber attacks targeting IoT devices, we proposed a method to collect intrusion-incident artifacts from IoT devices and to improve the validity of intrusion-analysis data. Specifically, we presented a method to acquire and analyze digital forensic artifacts in the compromised system after identifying the causes of the vulnerabilities by reproducing the behavior of sample IoT malware. Accordingly, it is expected that a system can be established that efficiently detects intrusion incidents targeting large-scale IoT device deployments.

With the rapid increase in the use of IoT and mobile devices, cyber crime targeting IoT devices is also on the rise. When a wireless AP (Access Point) is used among IoT devices, problems such as packets being exposed externally because of the device's own security weaknesses, or the device being easily infected with malware such as bots and generating DDoS attack traffic, are being found. In this study, therefore, to respond actively to the recent surge of cyber attacks on IoT devices, we presented a method for collecting intrusion-incident artifacts from IoT devices that hold a large market share in the public sector, and for improving the validity of intrusion-analysis data. Specifically, after identifying the causes of the vulnerability by reproducing the behavior of sample IoT malware, we presented a method for acquiring and analyzing the key intrusion-incident artifact data inside the compromised system. This is expected to enable the construction of a system that can respond efficiently when an intrusion occurs across large numbers of IoT devices.
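As an added illustration of the artifact-acquisition step (this is example code written for this page, not the paper's own tooling): on a busybox-class IoT device a collector usually has no netstat or ss, so it reads /proc/net/tcp directly, decodes the little-endian hex addresses, and ties each socket inode back to its owning process via /proc/<pid>/fd and /proc/<pid>/exe. The sample /proc/net/tcp rows and the process table below are constructed; the triage reasons (executable unlinked while running, launched from tmpfs, outbound telnet) are general bot traits and not findings from the paper.

```python
import socket
import struct
# Constructed /proc/net/tcp sample from an embedded Linux IoT device (no netstat/ss on busybox).
SAMPLE_PROC_NET_TCP = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000:0017 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 10234 1 0000000000000000 100 0 0 10 0
   1: 0201A8C0:A3F1 057100CB:0017 01 00000000:00000000 00:00000000 00000000     0        0 20567 1 0000000000000000 20 4 30 10 -1
"""
# Constructed process table, as a collector would build it from readlink on
# /proc/<pid>/exe and the socket inodes behind /proc/<pid>/fd/*.
SAMPLE_PROC_TABLE = {
    1: {"exe": "/sbin/init", "socket_inodes": set()},
    412: {"exe": "/usr/sbin/telnetd", "socket_inodes": {10234}},
    1337: {"exe": "/tmp/.x (deleted)", "socket_inodes": {20567}},
}
TCP_STATES = {"01": "ESTABLISHED", "02": "SYN_SENT", "0A": "LISTEN"}
SUSPECT_DIRS = ("/tmp/", "/dev/shm/", "/var/run/")


def decode_addr(hexaddr):
    """'0201A8C0:A3F1' -> ('192.168.1.2', 41969); the IPv4 part is little-endian hex."""
    ip_hex, port_hex = hexaddr.split(":")
    ip = socket.inet_ntoa(struct.pack("<I", int(ip_hex, 16)))
    return ip, int(port_hex, 16)


def parse_proc_net_tcp(text):
    """Return one dict per socket row: local, remote, state and owning inode."""
    rows = []
    for line in text.splitlines()[1:]:  # first line is the column header
        f = line.split()
        if len(f) >= 10:
            rows.append({"local": decode_addr(f[1]), "remote": decode_addr(f[2]),
                         "state": TCP_STATES.get(f[3], f[3]), "inode": int(f[9])})
    return rows


def attribute_connections(rows, proc_table):
    """Tie each socket to its owning pid and record traits that merit a closer look."""
    findings = []
    for row in rows:
        for pid, info in proc_table.items():
            if row["inode"] not in info["socket_inodes"]:
                continue
            exe, reasons = info["exe"], []
            if exe.endswith("(deleted)"):
                reasons.append("executable unlinked from disk while still running")
            if exe.startswith(SUSPECT_DIRS):
                reasons.append("executable launched from a writable scratch path")
            if row["state"] == "ESTABLISHED" and row["remote"][1] == 23:
                reasons.append("outbound telnet session, a common propagation vector for IoT bots")
            findings.append({"pid": pid, "exe": exe, "remote": row["remote"], "reasons": reasons})
    return findings
```

On a live device the same functions take the real file contents and a table built by walking /proc; the volatile data should be captured before any reboot or binary dump, since a process whose file was unlinked is only recoverable from /proc/<pid>/exe while it is still running.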

Acknowledgement

Part of this work was supported by the National Research Foundation of Korea (NRF) grant funded by the Korean government (Ministry of Science and ICT) in 2021 (No. 2021R1F1A1046954).
