Detection of Mirai by Syntactic and Semantic Analysis

Abstract: The largest DDoS attacks in history have been executed by devices controlled by the Mirai botnet trojan. To prevent Mirai from spreading, this paper presents and evaluates techniques to classify binary samples as Mirai based on their syntactic and semantic properties. Syntactic malware detection is shown to have a good detection rate and no false positives, but to be very easy to circumvent. Semantic malware detection is resistant to simple obfuscation and has a better detection rate than syntactic detection, while keeping false positives to zero. This paper demonstrates these results, and concludes by showing how to combine syntactic and semantic analysis techniques for the detection of Mirai.
Document type:
Preprint, working paper
2017

Cited literature [41 references]

https://hal.inria.fr/hal-01629040
Contributor: Fabrizio Biondi
Submitted on: Sunday 5 November 2017 - 22:47:53
Last modified on: Thursday 11 January 2018 - 06:28:15

File

main_with_authors.pdf
Files produced by the author(s)

Identifiers

  • HAL Id: hal-01629040, version 1

Citation

Najah Ben Said, Fabrizio Biondi, Vesselin Bontchev, Olivier Decourbe, Thomas Given-Wilson, et al. Detection of Mirai by Syntactic and Semantic Analysis. 2017. <hal-01629040>
