{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,4,7]],"date-time":"2026-04-07T06:32:12Z","timestamp":1775543532463,"version":"3.50.1"},"reference-count":103,"publisher":"Institute of Electrical and Electronics Engineers (IEEE)","issue":"20","license":[{"start":{"date-parts":[[2021,10,15]],"date-time":"2021-10-15T00:00:00Z","timestamp":1634256000000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/ieeexplore.ieee.org\/Xplorehelp\/downloads\/license-information\/IEEE.html"},{"start":{"date-parts":[[2021,10,15]],"date-time":"2021-10-15T00:00:00Z","timestamp":1634256000000},"content-version":"stm-asf","delay-in-days":0,"URL":"https:\/\/doi.org\/10.15223\/policy-029"},{"start":{"date-parts":[[2021,10,15]],"date-time":"2021-10-15T00:00:00Z","timestamp":1634256000000},"content-version":"stm-asf","delay-in-days":0,"URL":"https:\/\/doi.org\/10.15223\/policy-037"}],"funder":[{"name":"Key-Area Research and Development Program for Guangdong Province","award":["2019B010136001"],"award-info":[{"award-number":["2019B010136001"]}]},{"name":"National Key Research and Development Plan","award":["2017YFB0801801"],"award-info":[{"award-number":["2017YFB0801801"]}]},{"DOI":"10.13039\/501100001809","name":"National Natural Science Foundation of China","doi-asserted-by":"publisher","award":["61672186"],"award-info":[{"award-number":["61672186"]}],"id":[{"id":"10.13039\/501100001809","id-type":"DOI","asserted-by":"publisher"}]},{"DOI":"10.13039\/501100001809","name":"National Natural Science Foundation of China","doi-asserted-by":"publisher","award":["61872110"],"award-info":[{"award-number":["61872110"]}],"id":[{"id":"10.13039\/501100001809","id-type":"DOI","asserted-by":"publisher"}]},{"name":"HK RGC Project","award":["PolyU 152239\/18E"],"award-info":[{"award-number":["PolyU 152239\/18E"]}]}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["IEEE Internet Things J."],"published-print":{"date-parts":[[2021,10,15]]},"DOI":"10.1109\/jiot.2021.3063840","type":"journal-article","created":{"date-parts":[[2021,3,4]],"date-time":"2021-03-04T21:03:13Z","timestamp":1614891793000},"page":"15422-15440","source":"Crossref","is-referenced-by-count":34,"title":["An Evolutionary Study of IoT Malware"],"prefix":"10.1109","volume":"8","author":[{"ORCID":"https:\/\/orcid.org\/0000-0003-2957-6874","authenticated-orcid":false,"given":"Huanran","family":"Wang","sequence":"first","affiliation":[]},{"ORCID":"https:\/\/orcid.org\/0000-0003-4783-876X","authenticated-orcid":false,"given":"Weizhe","family":"Zhang","sequence":"additional","affiliation":[]},{"ORCID":"https:\/\/orcid.org\/0000-0002-6494-775X","authenticated-orcid":false,"given":"Hui","family":"He","sequence":"additional","affiliation":[]},{"ORCID":"https:\/\/orcid.org\/0000-0002-5091-8464","authenticated-orcid":false,"given":"Peng","family":"Liu","sequence":"additional","affiliation":[]},{"ORCID":"https:\/\/orcid.org\/0000-0002-9082-3208","authenticated-orcid":false,"given":"Daniel Xiapu","family":"Luo","sequence":"additional","affiliation":[]},{"ORCID":"https:\/\/orcid.org\/0000-0003-2486-5765","authenticated-orcid":false,"given":"Yang","family":"Liu","sequence":"additional","affiliation":[]},{"given":"Jiawei","family":"Jiang","sequence":"additional","affiliation":[]},{"given":"Yan","family":"Li","sequence":"additional","affiliation":[]},{"given":"Xing","family":"Zhang","sequence":"additional","affiliation":[]},{"given":"Wenmao","family":"Liu","sequence":"additional","affiliation":[]},{"given":"Runzi","family":"Zhang","sequence":"additional","affiliation":[]},{"ORCID":"https:\/\/orcid.org\/0000-0002-6943-2093","authenticated-orcid":false,"given":"Xing","family":"Lan","sequence":"additional","affiliation":[]}],"member":"263","reference":[{"key":"ref39","year":"2018","journal-title":"Understanding the IoT Hacker—A Conversation With Owari\/ Sora IoT Botnet Author"},{"key":"ref38","author":"paganini","year":"2016","journal-title":"ELF Linux\/Nyadrop a New IoT Threat in the Wild"},{"key":"ref33","year":"2018","journal-title":"Seven New Mirai Variants and the Aspiring Cybercriminal Behind Them"},{"key":"ref32","year":"2018","journal-title":"Goscanssh Malware Targets SSH Servers But Avoids Military and Gov Systems"},{"key":"ref31","year":"2018","journal-title":"Doubledoor IoT Botnet Bypasses Firewall as Well as Modem Security Using Two Backdoor Exploits"},{"key":"ref30","year":"2018","journal-title":"Doubledoor IoT Botnet Uses Two Backdoor Exploits"},{"key":"ref37","author":"beltov","year":"2017","journal-title":"Amnesia IoT Botnet Infects Devices Worldwide"},{"key":"ref36","year":"2016","journal-title":"Linux\/ Moose Still Breathing"},{"key":"ref35","year":"2015","journal-title":"Notes on Linux\/ XoR DDoS"},{"key":"ref34","year":"2013","journal-title":"Carna Botnet—An Interesting Amoral and Illegal Internet Census"},{"key":"ref28","year":"2018","journal-title":"IoT Botnet Gafgyt and Netcore Backdoor"},{"key":"ref27","year":"2021","journal-title":"Mcafee Labs Threats Report Explores Threat Intelligence Sharing and Mirai Botnet"},{"key":"ref29","year":"2018","journal-title":"Jenx New IoT Botnet"},{"key":"ref20","doi-asserted-by":"publisher","DOI":"10.1109\/JSYST.2019.2960076"},{"key":"ref22","doi-asserted-by":"publisher","DOI":"10.1109\/WCRE.2013.6671321"},{"key":"ref21","doi-asserted-by":"publisher","DOI":"10.1109\/MSP.2011.67"},{"key":"ref24","first-page":"33","article-title":"IoT malware: Comprehensive survey, analysis framework and case studies","author":"costin","year":"2018","journal-title":"Proc BlackHat USA"},{"key":"ref23","doi-asserted-by":"publisher","DOI":"10.1155\/2018\/7178164"},{"key":"ref26","author":"arghire","year":"2019","journal-title":"Aesddos Botnet Targets Vulnerability in Atlassian’s Confluence Server"},{"key":"ref101","doi-asserted-by":"publisher","DOI":"10.1016\/S0893-6080(99)00073-8"},{"key":"ref25","author":"kovacs","year":"2015","journal-title":"Large DDoS Botnet Powered by Routers Infected With Spike Malware"},{"key":"ref100","doi-asserted-by":"publisher","DOI":"10.1109\/TrustCom.2016.0163"},{"key":"ref50","year":"2018","journal-title":"Chalubo Botnet Wants to DDoS From Your Server or IoT Device"},{"key":"ref51","year":"2014","journal-title":"Bashlite Family of Malware Infects 1 Million IoT Devices"},{"key":"ref59","year":"2005","journal-title":"MALWARE"},{"key":"ref58","year":"2005","journal-title":"Backdoor w32\/ rbot"},{"key":"ref57","year":"2007","journal-title":"What Are Exploit Kits?"},{"key":"ref56","year":"2021","journal-title":"A Closer Look at Zlob Trojans"},{"key":"ref55","year":"2007","journal-title":"Trojan dnschanger"},{"key":"ref54","year":"2016","journal-title":"New Remaiten Malware Builds Botnet of Linux-Based Routers"},{"key":"ref53","year":"2014","journal-title":"Lizardstresser IoT Botnet Part of 400Gbps DDoS Attacks"},{"key":"ref52","author":"gatlan","year":"2014","journal-title":"QBoT Malware Dropped Via Context-Aware Phishing Campaign"},{"key":"ref40","author":"sanders","year":"2018","journal-title":"Newly Discovered Slingshot Malware Was Hidden in Routers for 6 Years"},{"key":"ref4","doi-asserted-by":"publisher","DOI":"10.1145\/3274694.3274717"},{"key":"ref3","doi-asserted-by":"publisher","DOI":"10.1109\/MC.2017.201"},{"key":"ref6","year":"2021","journal-title":"Cisco Talos Intelligence Group—Comprehensive Threat Intelligence CRAT Wants to Plunder Your Endpoints"},{"key":"ref5","doi-asserted-by":"publisher","DOI":"10.1016\/j.cose.2018.07.012"},{"key":"ref8","year":"2019","journal-title":"Home & Small Office Wireless Routers Exploited to Attack Gaming Servers"},{"key":"ref49","author":"easton","year":"2018","journal-title":"Chalubo Botnet Wants to DDoS From Your Server or IoT Device"},{"key":"ref7","author":"botezatu","year":"2021","journal-title":"New Hide—N Seek IoT Botnet Using Custom-Built Peer-to-Peer Communication Spotted in the Wild—Bitdefender Labs"},{"key":"ref9","doi-asserted-by":"publisher","DOI":"10.1109\/COMPSAC.2018.10315"},{"key":"ref46","author":"jain","year":"2017","journal-title":"Technical Analysis Report on Rowdy a New Type of IoT Malware Exploiting Stbs"},{"key":"ref45","year":"2017","journal-title":"IoTroop Botnet The Full Investigation"},{"key":"ref48","year":"2018","journal-title":"Alleged ‘Satori’ IoT Botnet Operator Sought Media Spotlight Got Indicted"},{"key":"ref47","year":"2017","journal-title":"Persirai New Internet of Things (IoT) Botnet Targets IP Cameras"},{"key":"ref42","year":"2017","journal-title":"Rickrolled by None Other Than IoTreaper"},{"key":"ref41","author":"botezatu","year":"2018","journal-title":"Hide and Seek IoT Botnet Resurfaces With New Tricks Persistence"},{"key":"ref44","author":"goldman","year":"2017","journal-title":"Hajime Malware Infects Tens of Thousands of IoT Devices"},{"key":"ref43","author":"biggs","year":"2017","journal-title":"Brickerbot Is a Vigilante Worm That Destroys Insecure IoT Devices"},{"key":"ref73","doi-asserted-by":"publisher","DOI":"10.1093\/comjnl\/bxx029"},{"key":"ref72","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2019.23326"},{"key":"ref71","doi-asserted-by":"publisher","DOI":"10.2197\/ipsjjip.26.212"},{"key":"ref70","doi-asserted-by":"publisher","DOI":"10.1007\/s10844-010-0148-x"},{"key":"ref76","doi-asserted-by":"publisher","DOI":"10.1002\/spe.2403"},{"key":"ref77","doi-asserted-by":"publisher","DOI":"10.1155\/2014\/594501"},{"key":"ref74","article-title":"Scandroid: Automated security certification of Android","author":"fuchs","year":"2009"},{"key":"ref75","doi-asserted-by":"publisher","DOI":"10.1145\/2619091"},{"key":"ref78","year":"2021","journal-title":"Trojan Android\/Zsone A Description—F-Secure Labs"},{"key":"ref79","first-page":"21","article-title":"Identifying shared software components to support malware forensics","author":"ruttenberg","year":"2014","journal-title":"Detection of Intrusions and Malware and Vulnerability Assessment"},{"key":"ref60","year":"2008","journal-title":"Hacktool Win32\/Hydra"},{"key":"ref62","author":"tara","year":"2016","journal-title":"Kaiten Malware Returns to Threaten IoT"},{"key":"ref61","author":"modine","year":"2010","journal-title":"Chuck Norris Botnet Doesn’t Infect Routers"},{"key":"ref63","doi-asserted-by":"publisher","DOI":"10.1109\/MALWARE.2010.5665792"},{"key":"ref64","doi-asserted-by":"publisher","DOI":"10.1109\/ICBNMT.2011.6156010"},{"key":"ref65","doi-asserted-by":"publisher","DOI":"10.1007\/s00779-016-0966-0"},{"key":"ref66","first-page":"1","article-title":"Enhancing security of Linux-based Android devices","author":"schmidt","year":"2008","journal-title":"Proc 15th Int Linux Kongress"},{"key":"ref67","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-642-04342-0_13"},{"key":"ref68","doi-asserted-by":"publisher","DOI":"10.1145\/1247660.1247690"},{"key":"ref69","doi-asserted-by":"publisher","DOI":"10.1145\/2046614.2046619"},{"key":"ref2","doi-asserted-by":"publisher","DOI":"10.1109\/DSN.2019.00034"},{"key":"ref1","doi-asserted-by":"publisher","DOI":"10.1109\/JIOT.2017.2647881"},{"key":"ref95","author":"malik","year":"2021","journal-title":"Meet Remaiten—A Linux Bot on Steroids Targeting Routers and Potentially Other IoT Devices"},{"key":"ref94","year":"2021","journal-title":"nltk"},{"key":"ref93","author":"kerrisk","year":"2021","journal-title":"The Linux man-pages project"},{"key":"ref92","first-page":"755","article-title":"Mining opinion features in customer reviews","volume":"4","author":"hu","year":"2004","journal-title":"Proc AAAI"},{"key":"ref91","doi-asserted-by":"publisher","DOI":"10.1145\/1060745.1060797"},{"key":"ref90","year":"2021","journal-title":"WordNet"},{"key":"ref103","doi-asserted-by":"publisher","DOI":"10.1017\/CBO9780511809071"},{"key":"ref102","year":"2021","journal-title":"GridSearchCV"},{"key":"ref98","author":"iyengar","year":"2018","journal-title":"Project of Sandbox Detux"},{"key":"ref99","year":"2018","journal-title":"Access Radare2 Via Pipe From Any Programming Language"},{"key":"ref96","year":"2021","journal-title":"Cowrie Project"},{"key":"ref97","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-319-45719-2_11"},{"key":"ref10","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-319-60753-5_19"},{"key":"ref11","first-page":"743","article-title":"Examining Mirai’s battle over the Internet of Things","author":"griffioen","year":"2020","journal-title":"Proc ACM SIGSAC Conf Comput Commun Security"},{"key":"ref12","doi-asserted-by":"publisher","DOI":"10.1007\/978-94-017-8798-7_68"},{"key":"ref13","doi-asserted-by":"publisher","DOI":"10.1109\/TR.2019.2924677"},{"key":"ref14","doi-asserted-by":"publisher","DOI":"10.1155\/2018\/7064131"},{"key":"ref15","article-title":"Windows malware detector using convolutional neural network based on visualization images","author":"sl","year":"2019","journal-title":"IEEE Trans Emerg Topics Comput"},{"key":"ref16","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2018.00054"},{"key":"ref82","doi-asserted-by":"publisher","DOI":"10.1038\/nrg1768"},{"key":"ref17","first-page":"1","article-title":"The tangled genealogy of IoT malware","author":"cozzi","year":"2020","journal-title":"Proc Comput Security Appl Conf"},{"key":"ref81","doi-asserted-by":"publisher","DOI":"10.1353\/pbm.1986.0087"},{"key":"ref18","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-319-45719-2_15"},{"key":"ref84","first-page":"527","article-title":"WHYPER: Towards automating risk assessment of mobile applications","author":"pandita","year":"0"},{"key":"ref19","doi-asserted-by":"publisher","DOI":"10.1109\/TIFS.2018.2885512"},{"key":"ref83","doi-asserted-by":"publisher","DOI":"10.1145\/2623330.2623667"},{"key":"ref80","doi-asserted-by":"publisher","DOI":"10.1145\/2420950.2421001"},{"key":"ref89","year":"2021","journal-title":"Inside the infamous mirai IoT botnet a retrospective analysis"},{"key":"ref85","doi-asserted-by":"publisher","DOI":"10.1145\/2976749.2978304"},{"key":"ref86","year":"2021","journal-title":"Tactics Listed by Wenterprise Matrix"},{"key":"ref87","author":"bussoletti","year":"2021","journal-title":"QAKBOT (AKA QBOT) Malware Is Evolving With New Obfuscation Techniques"},{"key":"ref88","article-title":"Stanford typed dependencies manual","author":"de marneffe","year":"2008"}],"container-title":["IEEE Internet of Things Journal"],"original-title":[],"link":[{"URL":"http:\/\/xplorestaging.ieee.org\/ielx7\/6488907\/9560721\/09369383.pdf?arnumber=9369383","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2022,5,10]],"date-time":"2022-05-10T14:53:54Z","timestamp":1652194434000},"score":1,"resource":{"primary":{"URL":"https:\/\/ieeexplore.ieee.org\/document\/9369383\/"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2021,10,15]]},"references-count":103,"journal-issue":{"issue":"20"},"URL":"https:\/\/doi.org\/10.1109\/jiot.2021.3063840","relation":{},"ISSN":["2327-4662","2372-2541"],"issn-type":[{"value":"2327-4662","type":"electronic"},{"value":"2372-2541","type":"electronic"}],"subject":[],"published":{"date-parts":[[2021,10,15]]}}}