Detection of Mirai by Syntactic and Semantic Analysis - Inria - Institut national de recherche en sciences et technologies du numérique
Preprint, Working Paper. Year: 2017

Detection of Mirai by Syntactic and Semantic Analysis

Abstract

The largest DDoS attacks in history have been executed by devices controlled by the Mirai botnet trojan. To prevent Mirai from spreading, this paper presents and evaluates techniques to classify binary samples as Mirai based on their syntactic and semantic properties. Syntactic malware detection is shown to have a good detection rate and no false positives, but to be very easy to circumvent. Semantic malware detection is resistant to simple obfuscation and has a better detection rate than syntactic detection, while keeping false positives to zero. This paper demonstrates these results, and concludes by showing how to combine syntactic and semantic analysis techniques for the detection of Mirai.
Main file
main_with_authors.pdf (528.76 KB)
Origin: Files produced by the author(s)

Dates and versions

hal-01629040, version 1 (05-11-2017)

Identifiers

  • HAL Id: hal-01629040, version 1

Cite

Najah Ben Said, Fabrizio Biondi, Vesselin Bontchev, Olivier Decourbe, Thomas Given-Wilson, et al. Detection of Mirai by Syntactic and Semantic Analysis. 2017. ⟨hal-01629040⟩
632 views
3035 downloads
