Academic Paper

Analyzing Post-injection Attacker Activities in IoT Devices: A Comprehensive Log Analysis Approach
Document Type
Conference
Source
2023 Eleventh International Symposium on Computing and Networking Workshops (CANDARW), pp. 292-297, Nov 2023
Subject
Computing and Processing
Bridges
Conferences
Drives
Malware
Behavioral sciences
Internet of Things
Cyberattack
Malware analysis
IoT
Honeypot
Log analysis
Attack patterns
Language
ISSN
2832-1324
Abstract
With the continuous proliferation of Internet of Things (IoT) devices, malware threats that specifically target these devices continue to increase. The urgent need for robust security measures is predicated on a comprehensive understanding of the behavioral patterns of IoT malware. However, previous studies have often overlooked the analysis of command sequences in Telnet logs. This study bridges this research gap by examining the post-injection behaviors of attackers. By analyzing a vast dataset comprising more than ten million logs collected from an IoT honeypot, we reveal three distinct post-injection activity patterns, each with unique characteristics. These patterns provide pivotal insights that not only help distinguish between legitimate operations and attempted attacks, but also drive the development of robust cybersecurity measures that effectively deter such behaviors. The nuances discovered in this study contribute significantly to IoT security by enhancing our understanding of malware tactics and informing targeted defense strategies.