MétaCan
Menu
Back to cohort
Record W4285325964 · doi:10.1109/csci54926.2021.00181

Mozi IoT Malware and Its Botnets: From Theory To Real-World Observations

2021· article· en· W4285325964 on OpenAlex
Josh Sahota, Natalija Vlajic

Why this work is in the frame

A frame that forgets how it found something cannot be audited. These are the routes that admitted this work.

affAt least one author lists a Canadian institution in the pinned OpenAlex snapshot.

Bibliographic record

Venue2021 International Conference on Computational Science and Computational Intelligence (CSCI) · 2021
Typearticle
Languageen
FieldComputer Science
TopicNetwork Security and Intrusion Detection
Canadian institutionsYork University
Fundersnot available
KeywordsBotnetMalwareComputer securityComputer scienceInternet of ThingsWorld Wide WebThe Internet

Abstract

fetched live from OpenAlex

Mozi IoT malware arrived on the Internet stage in late 2019, and since then has managed to infected over 1.5 million IoT devices, established numerous large-scale botnets, and generate more attack traffic in 2020 and 2021 than any of its IoT-malware counterparts. Even though Mozi code is a blend of three other infamous malware families (Mirai, Gafgyt, and IoTReaper), the main distinguishing feature of Mozi botnets -relative to those of its direct predecessors - is their P2P networking architecture. Notwithstanding Mozi’s significance and prevalence in the real world, there is very little mention of this IoT malware in academic research literature. This paper is one of the first attempts to bring the attention of the research community to the architecture and operation of Mozi and its botnets. The information provided in the paper is in part based on our own experimentation with live monitored instances of Mozi malware.

Fetched live from OpenAlex and de-inverted. Abstracts are not stored in this database: the inverted indexes are 8.6 GB of the frame’s 9.3 GB of text, and the host has 13 GB free.

Full frame distilled prediction

Teacher imitation

Not calibrated prevalence, not ground truth. Human validation pending. Learned from the 10,348 direct Codex labels and 10,348 direct Gemma labels. Candidate is the union of thresholded teacher heads; consensus is their intersection. These outputs are machine_predicted_unvalidated and are not human labels or direct frontier model labels.

metaresearch head score (Codex)0.001
metaresearch head score (Gemma)0.000
Version: codex-gemma-dda1882f352aValidation status: machine_predicted_unvalidated
Candidate categoriesMeta-epidemiology (narrow), Scholarly communication, Insufficient payload (model declined to judge)
Consensus categoriesnone
DomainCandidate signal: none · Consensus signal: none
Study designCandidate signal: Theoretical or conceptual · Consensus signal: none
GenreCandidate signal: Empirical · Consensus signal: none
Teacher disagreement score0.842
Threshold uncertainty score1.000

Codex and Gemma teacher scores by category

CategoryCodexGemma
Metaresearch0.0010.000
Meta-epidemiology (narrow)0.0000.000
Meta-epidemiology (broad)0.0000.000
Bibliometrics0.0010.002
Science and technology studies0.0010.000
Scholarly communication0.0010.001
Open science0.0010.001
Research integrity0.0000.000
Insufficient payload (model declined to judge)0.0010.000

Machine scores (provisional)

The two teacher heads of the student model, read on this work. A score orders the frame for review; it never asserts a category, and the validation status ships verbatim with every row.

Baseline scores from an immature model (maturity gate not passed, 7 training rounds). Scores rank; they never assert a category.

Opus teacher head0.078
GPT teacher head0.326
Teacher spread0.248 · how far apart the two teachers sit on this one work
Validation statusscore_only:v0-immature-baseline · verbatim from the scoring run: score_only means the number may rank works, and no category label ships from it