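% ISSRE 2018 conference paper on classifying binary samples as Mirai.
% Per the abstract: syntactic detection had a good detection rate and no false
% positives but is very easy to circumvent; behavioral detection resists simple
% obfuscation; the paper concludes by combining both.
% Entry notes: "Mirai" is brace-protected in the title so sentence-casing styles
% keep its capital; all author/editor names use the unambiguous "Last, First" form.
@inproceedings{34d759181ed1443c8ca0bdb6390cd283,
title = "Detection of {Mirai} by Syntactic and Behavioral Analysis",
abstract = "The largest botnet distributed denial of service attacks in history have been executed by devices controlled by the Mirai botnet trojan. To prevent Mirai from spreading, this paper presents and evaluates techniques to classify binary samples as Mirai based on their syntactic and behavioral properties. Syntactic malware detection is shown to have a good detection rate and no false positives, but to be very easy to circumvent. Behavioral malware detection is resistant to simple obfuscation and has better detection rate than syntactic detection, while keeping false positives to zero. This paper demonstrates these results, and concludes by showing how to combine syntactic and behavioral analysis techniques for the detection of Mirai.",
keywords = "Behavioral analysis, Graph mining, Malware, Mirai, Syntactic analysis, System call dependency graph, Yara",
author = "{Ben Said}, Najah and Biondi, Fabrizio and Bontchev, Vesselin and Decourbe, Olivier and Given-Wilson, Thomas and Legay, Axel and Quilbeuf, Jean",
year = "2018",
month = nov,
day = "16",
doi = "10.1109/ISSRE.2018.00032",
language = "English",
isbn = "978-1-5386-8322-4",
series = "Proceedings - International Symposium on Software Reliability Engineering, ISSRE",
pages = "224--235",
editor = "Ghosh, Sudipto and Cukic, Bojan and Poston, Robin and Natella, Roberto and Laranjeiro, Nuno",
booktitle = "Proceedings - 29th IEEE International Symposium on Software Reliability Engineering, ISSRE 2018",
publisher = "IEEE Computer Society Press",
address = "United States",
note = "29th IEEE International Symposium on Software Reliability Engineering, ISSRE 2018 ; Conference date: 15-10-2018 Through 18-10-2018",
}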