The past decade has seen a rapidly growing interest in IoT-connected devices. But as is usually the case with computer systems and networks, malicious individuals soon realized that these objects could be exploited for criminal purposes. The problem is particularly salient since the firmware used in many Internet connected devices was developed without taking into consideration the expertise and best security practices gained over the past several years by programmers in other areas. Consequently, multiple attacks on IoT devices took place over the last decade, culminating in the largest ever recorded DDoS attack, the Mirai botnet, which took advantage of weaknesses in the security of the IoT. In this survey, we seek to shed light on the evolution of the IoT malware. We compare the characteristic features of 28 of the most widespread IoT malware programs of the last decade and propose a novel methodology for classifying malware based on its behavioral features. Our study also highlights the common practice of feature reuse across multiple malware programs.

在过去的十年中，人们对物联网连接设备的兴趣迅速增长。但是，与计算机系统和网络通常一样，恶意人员很快意识到可以将这些对象用于犯罪目的。由于许多Internet连接设备中使用的固件是在没有考虑其他领域的程序员在过去几年中获得的专业知识和最佳安全实践的情况下开发的，因此该问题尤为突出。因此，在过去十年中，发生了对物联网设备的多次攻击，最终导致有史以来最大的DDoS攻击Mirai僵尸网络，它利用了物联网安全性的弱点。在本次调查中，我们试图阐明物联网恶意软件的演变。我们比较了过去十年中28个最广泛的IoT恶意软件程序的特征，并提出了一种基于其行为特征对恶意软件进行分类的新颖方法。我们的研究还强调了跨多个恶意软件程序重复使用功能的常见做法。