Demo: An Emulator-Based Active Protection System Against IoT Malware

This demonstration presents an emulator-based active protection system particularly for IoT malware identification and blocking. The key component of our system is a new design of an application loader and an emulating engine based on Unicorn. We demonstrate using IoT network consisting of IoT gateway and IoT devices where the proposed system can be enabled in face of the infamous Mirai attack. We show that with the aid of emulation engine, malicious commands triggered by Telnet and SSH-based IoT malware can be identified and blocked effectively and efficiently while eliminating the possibility of virtual machine escalation.