Analysis of commands of Telnet logs illegally connected to IoT devices

Mirai is an active malware that targets and poses constant threats to IoT devices. IoT malware penetrates IoT devices illegally, makes them download other malware such as bots, and infects them. Therefore, to improve the security of IoT devices, it is important to analyze the behaviors of IoT malware and take countermeasures. In this study, to analyze the behaviors of IoT malware after entering IoT devices and propose new security functions for operating systems to prevent activities such as IoT malware infection, we analyze Telnet logs collected by a honeypot of IoT devices. Thereafter, we report the analysis results regarding IoT malware input commands. The results show that many commands related to shell execution, file download, changing file permissions, and file transfer, are often executed by IoT malware.

This is an Accepted Manuscript of an article published by Conference Publishing Services.
© 2021 IEEE. Personal use of this material is permitted. Permission from IEEE must be obtained for all other uses, in any current or future media, including reprinting/republishing this material for advertising or promotional purposes, creating new collective works, for resale or redistribution to servers or lists, or reuse of any copyrighted component of this work in other works.