Write a Blog >>
Wed 12 Oct 2022 14:30 - 14:50 at Ballroom C East - Technical Session 13 - Application Domains Chair(s): Andrea Stocco

IoT devices have been under frequent attacks in recent years, causing severe impacts. Previous research has shown the evolution and features of some specific IoT malware families or stages of IoT attacks through offline sample analysis. However, we still lack a systematic observation of various system resources abused by active attackers and the malicious intentions behind these behaviors. This makes us difficult to design appropriate protection strategies to defend against existing attacks and possible future variants.

In this paper, we fill this gap by analyzing 117,862 valid attack sessions captured by our dedicated high-interaction IoT honeypot, HoneyAsclepius, and further discover the intentions in our designed workflow. HoneyAsclepius enables high capture capability as well as continuous behavior monitoring during active attack sessions in real-time. Through a large-scale deployment, we collected 11,301,239 malicious behaviors originating from 50,594 different attackers. Based on this information, we further separate the behaviors in different attack sessions targeting distinct categories of system resources, estimate the temporal relations and summarize their malicious intentions behind. Inspired by such investigations, we present several key insights about abusive behaviors of the file, network, process, and special capability resources, and further propose practical defense strategies to better protect IoT devices.

Wed 12 Oct

Displayed time zone: Eastern Time (US & Canada) change

13:30 - 15:30
Technical Session 13 - Application DomainsNIER Track / Research Papers / Journal-first Papers at Ballroom C East
Chair(s): Andrea Stocco Università della Svizzera italiana (USI)
13:30
20m
Research paper
A Hybrid Approach for Inference between Behavioral Exception API Documentation and Implementations, and Its Applications
Research Papers
Hoan Anh Nguyen Amazon, Hung Phan , Samantha Syeda Khairunnesa Bradley University, Son Nguyen The University of Texas at Dallas, Aashish Yadavally University of Texas at Dallas, Shaohua Wang New Jersey Institute of Technology, Hridesh Rajan Iowa State University, Tien N. Nguyen University of Texas at Dallas
13:50
10m
Vision and Emerging Results
Property-Based Automated Repair of DeFi Protocols
NIER Track
Palina Tolmach Nanyang Technological University, Singapore, Institute of High Performance Computing, Agency for Science, Technology and Research (A*STAR), Singapore, Yi Li Nanyang Technological University, Singapore, Shang-Wei Lin Nanyang Technological University
Pre-print
14:00
20m
Research paper
Automatically Detecting Visual Bugs in HTML5 <canvas> Games
Research Papers
Finlay Macklon University of Alberta, Mohammad Reza Taesiri University of Alberta, Markos Viggiato University of Alberta, Stefan Antoszko University of Alberta, Natalia Romanova Prodigy Education, Dale Paas Prodigy Education, Cor-Paul Bezemer University of Alberta
14:20
10m
Vision and Emerging Results
Reflecting on Recurring Failures in IoT Development
NIER Track
Dharun Anandayuvaraj Purdue University, James C. Davis Purdue University, USA
14:30
20m
Research paper
Empirical Study of System Resources Abused by IoT AttackersVirtual
Research Papers
Zijing Yin Tsinghua University, Yiwen Xu Tsinghua University, Chijin Zhou Tsinghua University, Yu Jiang Tsinghua University
14:50
20m
Paper
Large-Scale Empirical Study of Inline Assembly on 7.6 Million Ethereum Smart ContractsVirtual
Journal-first Papers
Xiao Peng China EverBright Bank, Shuwei Song University of Electronic Science and Technology of China, Xiao Peng China EverBright Bank, Xiapu Luo Hong Kong Polytechnic University, Xiao Peng China EverBright Bank, Xiao Peng China EverBright Bank, Ting Chen University of Electronic Science and Technology of China, Jiachi Chen Sun Yat-Sen University, Tao Zhang Macau University of Science and Technology (MUST), Xiaosong Zhang University of Electronic Science and Technology of China
Link to publication DOI
15:10
20m
Research paper
Accelerating OCR-Based Widget Localization for Test Automation of GUI ApplicationsVirtual
Research Papers
Ju Qian Nanjing University of Aeronautics and Astronautics, Yingwei Ma Nanjing University of Aeronautics and Astronautics, Chenghao Lin Nanjing University of Aeronautics and Astronautics, Lin Chen Nanjing University