With the expansion of the Internet of Things (IoT), security incidents about exploiting vulnerabilities in IoT devices have become prominent. However, due to the characteristics of IoT devices such as low power and low performance, it is difficult to apply existing security solutions to IoT devices. As a result, IoT devices have easily become targets for cyber attackers, and malware attacks on IoT devices are increasing every year. The most representative is the Mirai malware that caused distributed denial of service (DDoS) attacks by creating a massive IoT botnet. Moreover, Mirai malware has been released on the Internet, resulting in increasing variants and new malicious codes. One of the ways to mitigate distributed denial of service attacks is to render the creation of massive IoT botnets difficult by preventing the spread of malicious code. For IoT infrastructure security, security solutions are being studied to analyze network packets going in and out of IoT infrastructure to detect threats, and to prevent the spread of threats within IoT infrastructure by dynamically controlling network access to maliciously used IoT devices, network equipment, and IoT services. However, there is a great risk to apply unverified security solutions to real-world environments. In this paper, we propose a malware simulation tool that scans vulnerable IoT devices assigned a private IP address, and spreads malicious code within IoT infrastructure by injecting malicious code download command into vulnerable devices. The malware simulation tool proposed in this paper can be used to verify the functionality of network threat detection and prevention solutions.
KSP Keywords
Detection and Prevention, Distributed Denial of Service attacks, Distributed denial of service (DDoS) attacks, IP address, Internet of thing(IoT), IoT Devices, IoT botnets, IoT services, Low-Power, Malicious code, Malware distribution
This work is distributed under the term of Creative Commons License (CCL)
(CC BY)
Copyright Policy
ETRI KSP Copyright Policy
The materials provided on this website are subject to copyrights owned by ETRI and protected by the Copyright Act. Any reproduction, modification, or distribution, in whole or in part, requires the prior explicit approval of ETRI. However, under Article 24.2 of the Copyright Act, the materials may be freely used provided the user complies with the following terms:
The materials to be used must have attached a Korea Open Government License (KOGL) Type 4 symbol, which is similar to CC-BY-NC-ND (Creative Commons Attribution Non-Commercial No Derivatives License). Users are free to use the materials only for non-commercial purposes, provided that original works are properly cited and that no alterations, modifications, or changes to such works is made. This website may contain materials for which ETRI does not hold full copyright or for which ETRI shares copyright in conjunction with other third parties. Without explicit permission, any use of such materials without KOGL indication is strictly prohibited and will constitute an infringement of the copyright of ETRI or of the relevant copyright holders.
J. Kim et. al, "Trends in Lightweight Kernel for Many core Based High-Performance Computing", Electronics and Telecommunications Trends. Vol. 32, No. 4, 2017, KOGL Type 4: Source Indication + Commercial Use Prohibition + Change Prohibition
J. Sim et.al, “the Fourth Industrial Revolution and ICT – IDX Strategy for leading the Fourth Industrial Revolution”, ETRI Insight, 2017, KOGL Type 4: Source Indication + Commercial Use Prohibition + Change Prohibition
If you have any questions or concerns about these terms of use, or if you would like to request permission to use any material on this website, please feel free to contact us
KOGL Type 4:(Source Indication + Commercial Use Prohibition+Change Prohibition)
Contact ETRI, Research Information Service Section
Privacy Policy
ETRI KSP Privacy Policy
ETRI does not collect personal information from external users who access our Knowledge Sharing Platform (KSP). Unathorized automated collection of researcher information from our platform without ETRI's consent is strictly prohibited.
[Researcher Information Disclosure] ETRI publicly shares specific researcher information related to research outcomes, including the researcher's name, department, work email, and work phone number.
※ ETRI does not share employee photographs with external users without the explicit consent of the researcher. If a researcher provides consent, their photograph may be displayed on the KSP.