{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,3,14]],"date-time":"2026-03-14T18:10:12Z","timestamp":1773511812337,"version":"3.50.1"},"publisher-location":"Cham","reference-count":35,"publisher":"Springer International Publishing","isbn-type":[{"value":"9783030708511","type":"print"},{"value":"9783030708528","type":"electronic"}],"license":[{"start":{"date-parts":[[2021,1,1]],"date-time":"2021-01-01T00:00:00Z","timestamp":1609459200000},"content-version":"tdm","delay-in-days":0,"URL":"http:\/\/www.springer.com\/tdm"},{"start":{"date-parts":[[2021,1,1]],"date-time":"2021-01-01T00:00:00Z","timestamp":1609459200000},"content-version":"vor","delay-in-days":0,"URL":"http:\/\/www.springer.com\/tdm"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2021]]},"DOI":"10.1007\/978-3-030-70852-8_1","type":"book-chapter","created":{"date-parts":[[2021,3,2]],"date-time":"2021-03-02T18:03:11Z","timestamp":1614708191000},"page":"3-19","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":8,"title":["Persistence in Linux-Based IoT Malware"],"prefix":"10.1007","author":[{"given":"Calvin","family":"Brierley","sequence":"first","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Jamie","family":"Pont","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Budi","family":"Arief","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"David J.","family":"Barnes","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Julio","family":"Hernandez-Castro","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"297","published-online":{"date-parts":[[2021,3,3]]},"reference":[{"key":"1_CR1","unstructured":"Building external modules. https:\/\/www.kernel.org\/doc\/html\/latest\/kbuild\/modules.html. Accessed Aug 2020"},{"key":"1_CR2","unstructured":"Kernel module signing facility. https:\/\/www.kernel.org\/doc\/html\/v4.15\/admin-guide\/module-signing.html. Accessed Aug 2020"},{"key":"1_CR3","unstructured":"What is the mirai botnet? https:\/\/www.cloudflare.com\/learning\/ddos\/glossary\/mirai-botnet\/. Accessed Aug 2020"},{"key":"1_CR4","unstructured":"What\u2019s a mirai botnet doing with my router? (2016). https:\/\/blog.f-secure.com\/whats-a-mirai-botnet-doing-with-my-router\/. Accessed Aug 2020"},{"key":"1_CR5","unstructured":"Antonakakis, M., et al.: Understanding the mirai botnet. In: 26th $$\\{$$USENIX$$\\}$$ security symposium ($$\\{$$USENIX$$\\}$$ Security 17), pp. 1093\u20131110 (2017)"},{"key":"1_CR6","unstructured":"Baines, J.: Crestron am\/barco wepresent wipg\/extron sharelink\/teq av it\/sharp pn-l703wa\/optoma wps-pro\/blackbox hd wps\/infocus liteshow - remote command injection (2019). https:\/\/www.exploit-db.com\/exploits\/46786 Accessed Aug 2020"},{"key":"1_CR7","unstructured":"Birngruber, S., Hehenberger, F., Gr\u00fcndlinger, P., Zeilinger, M., Vymazal, D.: Netgear nighthawk firmware update vulnerability (2017), https:\/\/iot-lab-fh-ooe.github.io\/netgear_update_vulnerability\/. Accessed Aug 2020"},{"key":"1_CR8","unstructured":"Bozzato, C., Wyatt, L.: Circle with disney firmware update signature check bypass vulnerability (2017). https:\/\/talosintelligence.com\/vulnerability_reports\/TALOS-2017-0405. Accessed Aug 2020"},{"key":"1_CR9","doi-asserted-by":"crossref","unstructured":"Breitenbacher, D., Homoliak, I., Aung, Y.L., Tippenhauer, N.O., Elovici, Y.: Hades-IoT: a practical host-based anomaly detection system for IoT devices. In: Proceedings of the 2019 ACM Asia Conference on Computer and Communications Security, pp. 479\u2013484 (2019)","DOI":"10.1145\/3321705.3329847"},{"key":"1_CR10","doi-asserted-by":"crossref","unstructured":"Brierley, C., Pont, J., Arief, B., Barnes, D.J., Hernandez-Castro, J.: Paperw8: an IoT bricking ransomware proof of concept. In: Proceedings of the 15th International Conference on Availability, Reliability and Security, pp. 1\u201310 (2020)","DOI":"10.1145\/3407023.3407044"},{"key":"1_CR11","unstructured":"Cloudflare: Famous ddos attacks | the largest ddos attacks of all time, https:\/\/www.cloudflare.com\/learning\/ddos\/famous-ddos-attacks\/ [Accessed: August 2020]"},{"key":"1_CR12","doi-asserted-by":"crossref","unstructured":"Cozzi, E., Graziano, M., Fratantonio, Y., Balzarotti, D.: Understanding linux malware. In: 2018 Symposium on Security and Privacy (SP), pp. 161\u2013175. IEEE (2018)","DOI":"10.1109\/SP.2018.00054"},{"key":"1_CR13","unstructured":"Denk, W.: u-boot\/image.h (2020). https:\/\/github.com\/u-boot\/u-boot\/blob\/master\/include\/image.h. Accessed Aug 2020"},{"key":"1_CR14","unstructured":"Glass, S.: Das u-boot - the universal boot loader (2020). http:\/\/www.denx.de\/wiki\/U-Boot. Accessed Aug 2020"},{"key":"1_CR15","unstructured":"Ilascu, I.: New IoT botnet torii uses six methods for persistence, has no clear purpose (2018). https:\/\/www.bleepingcomputer.com\/news\/security\/new-iot-botnet-torii-uses-six-methods-for-persistence-has-no-clear-purpose\/. Accessed Aug 2020"},{"key":"1_CR16","unstructured":"jclehner: mtd-rw: Write-enabler for MTD partitions (2016). https:\/\/github.com\/jclehner\/mtd-rw. Accessed Aug 2020"},{"key":"1_CR17","unstructured":"Land, J.: Multiple netgear routers are vulnerable to arbitrary command injection (2016). https:\/\/www.kb.cert.org\/vuls\/id\/582384\/. Accessed Aug 2020"},{"key":"1_CR18","unstructured":"Landley, R.: ramfs, rootfs and initramfs (2005). https:\/\/www.kernel.org\/doc\/Documentation\/filesystems\/ramfs-rootfs-initramfs.txt. Accessed Aug 2020"},{"key":"1_CR19","unstructured":"mwarning: mtdrw (2019). https:\/\/github.com\/mwarning\/mtdRW. Accessed Aug 2020"},{"key":"1_CR20","unstructured":"NIST: Yealink voip phone sip-t38g - remote command execution (2014). https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2013-5758. Accessed Aug 2020"},{"key":"1_CR21","unstructured":"NIST: Cve-2016-6277 detail (2017). https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2016-6277. Accessed Aug 2020"},{"key":"1_CR22","unstructured":"NIST: Cve-2019-10999 (2019). https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2019-10999. Accessed Aug 2020"},{"key":"1_CR23","unstructured":"NIST: Cve-2019-3929 detail (2019). https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2019-3929. Accessed Aug 2020"},{"key":"1_CR24","unstructured":"rampageX: firmware-mod-kit (2019). https:\/\/github.com\/rampageX\/firmware-mod-kit. Accessed Aug 2020"},{"key":"1_CR25","unstructured":"ReFirmLabs: Binwalk (2019). https:\/\/github.com\/ReFirmLabs\/binwalk. Accessed Aug 2020"},{"key":"1_CR26","unstructured":"Smith, B.: A quick guide to gplv3. Free Software Foundation, Inc. (2007). http:\/\/www.gnu.org\/licenses\/quick-guide-gplv3.html. Accessed 4 2008"},{"key":"1_CR27","unstructured":"Sophos: Vpnfilter botnet (2018). https:\/\/news.sophos.com\/en-us\/2018\/05\/24\/vpnfilter-botnet-a-sophoslabs-analysis\/. Accessed Aug 2020"},{"key":"1_CR28","unstructured":"Sophos: Vpnfilter botnet: a sophoslabs analysis: part 2 (2018). https:\/\/news.sophos.com\/en-us\/2018\/05\/27\/vpnfilter-botnet-a-sophoslabs-analysis-part-2\/. Accessed Aug 2020"},{"key":"1_CR29","unstructured":"Talos Intelligence: New vpnfilter malware targets at least 500k networking devices worldwide (2018). https:\/\/blog.talosintelligence.com\/2018\/05\/VPNFilter.html. Accessed Aug 2020"},{"key":"1_CR30","unstructured":"Talos Intelligence: Vpnfilter update: Vpnfilter exploits endpoints, targets new devices (2018). https:\/\/blog.talosintelligence.com\/2018\/06\/vpnfilter-update.html. Accessed Aug 2020"},{"key":"1_CR31","unstructured":"Tung, L.: Fbi to all router users: Reboot now to neuter russia\u2019s vpnfilter malware (2018). https:\/\/www.zdnet.com\/article\/fbi-to-all-router-users-reboot-now-to-neuter-russias-vpnfilter-malware\/. Accessed Aug 2020"},{"key":"1_CR32","doi-asserted-by":"crossref","unstructured":"Vignau, B., Khoury, R., Hall\u00e9, S.: 10 years of IoT malware: a feature-based taxonomy. In: 2019 IEEE 19th International Conference on Software Quality, Reliability and Security Companion (QRS-C), pp. 458\u2013465. IEEE (2019)","DOI":"10.1109\/QRS-C.2019.00088"},{"key":"1_CR33","unstructured":"Woolf, N.: DDoS attack that disrupted internet was largest of its kind in history, experts say (2016). https:\/\/www.theguardian.com\/technology\/2016\/oct\/26\/ddos-attack-dyn-mirai-botnet. Accessed Aug 2020"},{"key":"1_CR34","unstructured":"Yamada, M.: verified-boot.txt (2017). https:\/\/github.com\/u-boot\/u-boot\/blob\/master\/doc\/uImage.FIT\/verified-boot.txt. Accessed Aug 2020"},{"key":"1_CR35","unstructured":"Yang, J., et al.: Ubootkit: A Worm Attack for the Bootloader of IoT Devices. BlackHat Asia (2019)"}],"container-title":["Lecture Notes in Computer Science","Secure IT Systems"],"original-title":[],"language":"en","link":[{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-030-70852-8_1","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2022,12,19]],"date-time":"2022-12-19T19:38:48Z","timestamp":1671478728000},"score":1,"resource":{"primary":{"URL":"http:\/\/link.springer.com\/10.1007\/978-3-030-70852-8_1"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2021]]},"ISBN":["9783030708511","9783030708528"],"references-count":35,"URL":"https:\/\/doi.org\/10.1007\/978-3-030-70852-8_1","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"value":"0302-9743","type":"print"},{"value":"1611-3349","type":"electronic"}],"subject":[],"published":{"date-parts":[[2021]]},"assertion":[{"value":"3 March 2021","order":1,"name":"first_online","label":"First Online","group":{"name":"ChapterHistory","label":"Chapter History"}},{"value":"NordSec","order":1,"name":"conference_acronym","label":"Conference Acronym","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Nordic Conference on Secure IT Systems","order":2,"name":"conference_name","label":"Conference Name","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"2020","order":5,"name":"conference_year","label":"Conference Year","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"23 November 2020","order":7,"name":"conference_start_date","label":"Conference Start Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"24 November 2020","order":8,"name":"conference_end_date","label":"Conference End Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"25","order":9,"name":"conference_number","label":"Conference Number","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"nordsec2020","order":10,"name":"conference_id","label":"Conference ID","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"https:\/\/nordsec2020.on.liu.se\/","order":11,"name":"conference_url","label":"Conference URL","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Double-blind","order":1,"name":"type","label":"Type","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"EasyChair","order":2,"name":"conference_management_system","label":"Conference Management System","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"45","order":3,"name":"number_of_submissions_sent_for_review","label":"Number of Submissions Sent for Review","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"15","order":4,"name":"number_of_full_papers_accepted","label":"Number of Full Papers Accepted","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"0","order":5,"name":"number_of_short_papers_accepted","label":"Number of Short Papers Accepted","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"33% - The value is computed by the equation \"Number of Full Papers Accepted \/ Number of Submissions Sent for Review * 100\" and then rounded to a whole number.","order":6,"name":"acceptance_rate_of_full_papers","label":"Acceptance Rate of Full Papers","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"3","order":7,"name":"average_number_of_reviews_per_paper","label":"Average Number of Reviews per Paper","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"3,5","order":8,"name":"average_number_of_papers_per_reviewer","label":"Average Number of Papers per Reviewer","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"Yes","order":9,"name":"external_reviewers_involved","label":"External Reviewers Involved","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}}]}}