
Intrusion Artifact Acquisition Method based on IoT Botnet Malware

한국사물인터넷학회논문지 / Journal of The Korea Internet of Things Society, (P)2466-0078;
2021, v.7 no.3, pp.1-8
https://doi.org/10.20465/kiots.2021.7.3.001
이형우 (Hanshin University)

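Abstract (translated from Korean)

As the use of IoT and mobile devices grows rapidly, cybercrime targeting IoT devices is also increasing. Among IoT devices, wireless access points (APs) have been found to suffer from problems such as packets being exposed externally because of the device's own security vulnerabilities, or the device being easily infected with malware such as bots and generating DDoS attack traffic. To respond proactively to the recent surge in cyber attacks on IoT devices, this study presents a method for collecting intrusion artifacts from IoT devices with a high market share in the public sector and for improving the validity of intrusion analysis data. Specifically, it presents a method for acquiring and analyzing the key intrusion artifact data in a compromised system after identifying the causes of the vulnerabilities by reproducing the behavior of sample IoT malware. This is expected to make it possible to build a framework that responds efficiently to intrusion incidents affecting IoT devices at large scale.

Keywords
IoT devices, botnets, malware, intrusion, digital evidence and artifacts collection.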

Abstract

With the rapid increase in the use of IoT and mobile devices, cybercrime targeting IoT devices is also on the rise. Among IoT devices, wireless access points (APs) have been found to have problems such as packets being exposed to the outside because of the devices' own security vulnerabilities, or the devices being easily infected with malicious code such as bots and generating DDoS attack traffic. Therefore, to actively respond to the rapidly increasing cyber attacks targeting IoT devices, this study proposes a method to collect intrusion artifacts from IoT devices and to improve the validity of intrusion analysis data. Specifically, we present a method to acquire and analyze digital forensic artifacts in the compromised system after identifying the causes of vulnerabilities by reproducing the behavior of sample IoT malware. Accordingly, it is expected that it will be possible to establish a system that can efficiently detect intrusion incidents targeting large-scale IoT devices.

