MUHAMMAD MUMTAZ ALI,WANG ZHENFEI,HOU WEIYAN,ZEESHAN SHAUKAT,AYESHA SHABBIR,AQSA RASHEED,FAIQA MAQSOOD,QASIM ZIA,HAMEED UR REHMAN

DOI: https://doi.org/10.21203/rs.3.rs-2145279/v1

2022-01-01

Abstract:Abstract Internet of Things (IoT) devices are used to sense, gather, transmit and control data. IoT improves user experiences by connecting and sharing information across smart devices. Malware attacks easily target IoT-connected consoles to get control or damage privacy. Effective IoT device protection might rescue millions of internet users from malware. Malware detection methods are computationally expensive and complex. Many different machine learning models were used to deduct malware or viruses. As innovation advances, threat intelligence and malware researchers struggle. Traditional security measures like firewalls and Intrusion Detection Systems (IDS) must be changed to work with the current IoT models. Also, the Internet of Things and Cloud/Fog Computing go well together. They are often used interchangeably when talking about technical services and work together to make IoT services more complete. This study suggests deep learning-based approaches for detecting IoT malware in order to prevent harm to IoT devices. The proposed algorithms AlexNet, ResNet-18, and Convolution Neural Network (CNN) are applied to the well-known public dataset "Mal_Img". The experimental findings show that the accuracy of the suggested method is superior to that of earlier state-of-the-art and deep learning methods. The highest attained accuracies for proposed methods proposed algorithms AlexNet, ResNet-18, and Convolution Neural Network are 97.74%, 88.74%, and 98.02%. Our framework has currently been demonstrated to be a useful research tool for the BitDefender AntiMalware Research Labs' computer security specialists. In the future, more advanced malware (polymorphic and metamorphic) can be detected using the same models.

Yang Zhao,Alifu Kuerban

DOI: https://doi.org/10.3390/s23063060

2023-03-13

Abstract:With the development of internet technology, the Internet of Things (IoT) has been widely used in several aspects of human life. However, IoT devices are becoming more vulnerable to malware attacks due to their limited computational resources and the manufacturers' inability to update the firmware on time. As IoT devices are increasing rapidly, their security must classify malicious software accurately; however, current IoT malware classification methods cannot detect cross-architecture IoT malware using system calls in a particular operating system as the only class of dynamic features. To address these issues, this paper proposes an IoT malware detection approach based on PaaS (Platform as a Service), which detects cross-architecture IoT malware by intercepting system calls generated by virtual machines in the host operating system acting as dynamic features and using the K Nearest Neighbors (KNN) classification model. A comprehensive evaluation using a 1719 sample dataset containing ARM and X86-32 architectures demonstrated that MDABP achieves 97.18% average accuracy and a 99.01% recall rate in detecting samples in an Executable and Linkable Format (ELF). Compared with the best cross-architecture detection method that uses network traffic as a unique type of dynamic feature with an accuracy of 94.5%, practical results reveal that our method uses fewer features and has higher accuracy.

Hamad Naeem,Bing Guo,Muhammad Rashid Naeem

DOI: https://doi.org/10.1109/icaibd.2018.8396202

2018-01-01

Abstract:Recently a huge trend on the internet of things (IoT) and an exponential increase in automated tools are helping malware producers to target IoT devices. The traditional security solutions against malware are infeasible due to low computing power for large-scale data in IoT environment. The number of malware and their variants are increasing due to continuous malware attacks. Consequently, the performance improvement in malware analysis is critical requirement to stop rapid expansion of malicious attacks in IoT environment. To solve this problem, the paper proposed a novel framework for classifying malware in IoT environment. To achieve fine-grained malware classification in suggested framework, the malware image classification system (MICS) is designed for representing malware image globally and locally. MICS first converts the suspicious program into the gray-scale image and then captures hybrid local and global malware features to perform malware family classification. Preliminary experimental outcomes of MICS are quite promising with 97.4% classification accuracy on 9342 windows suspicious programs of 25 families. The experimental results indicate that proposed framework is quite capable to process large-scale IoT malware.

Jayanthi Ramamoorthy,Khushi Gupta,Ram C. Kafle,Narasimha K. Shashidhar,Cihan Varol

DOI: https://doi.org/10.3390/electronics13152906

IF: 2.9

2024-07-24

Electronics

Abstract:The proliferation of Internet of Things (IoT) devices on Linux platforms has heightened concerns regarding vulnerability to malware attacks. This paper introduces a novel approach to investigating the behavior of Linux IoT malware by examining syscalls and library syscall wrappers extracted through static analysis of binaries, as opposed to the conventional method of using dynamic analysis for syscall extraction. We rank and categorize Linux system calls based on their security significance, focusing on understanding malware intent without execution. Feature analysis of the assigned syscall categories and risk ranking is conducted with statistical tests to validate their effectiveness and reliability in differentiating between malware and benign binaries. Our findings demonstrate that potential threats can be reliably identified with an F1 score of 96.86%, solely by analyzing syscalls and library syscall wrappers. This method can augment traditional static analysis, providing an effective preemptive measure to enhance Linux malware analysis. This research highlights the importance of static analysis in strengthening IoT systems against emerging malware threats.

engineering, electrical & electronic,computer science, information systems,physics, applied

Ahsan Wajahat,Jingsha He,Nafei Zhu,Tariq Mahmood,Ahsan Nazir,Faheem Ullah,Sirajuddin Qureshi,Soumyabrata Dev

DOI: https://doi.org/10.1016/j.asej.2024.102642

IF: 4.79

2024-02-01

Ain Shams Engineering Journal

Abstract:The Internet of Things (IoT) has experienced significant growth in recent years and has emerged as a very dynamic sector in the worldwide market. Being an open-source platform with a substantial user base, Android has not only been a driving force in the swift advancement of the IoT but has also garnered attention from malicious actors, leading to malware attacks. Given the rapid proliferation of Android malware in recent times, there is an urgent requirement to introduce practical techniques for the detection of such malware. While current machine learning-based Android malware detection approaches have shown promising results, the majority of these methods demand extensive time and effort from malware analysts to construct dynamic or static features. Consequently, the practical application of these methods becomes challenging. Therefore, this paper presents an Android malware detection system characterized by its lightweight design and reliance on explainable machine-learning techniques. The system uses features extracted from mobile applications (apps) to distinguish between malicious and benign apps. Through extensive testing, it has exhibited exceptional accuracy and an F1-score surpassing 0.99 while utilizing minimal device resources and presenting negligible false positive and false negative rates. Furthermore, the classifier model's transparency and comprehensibility are significantly augmented through the application of Shapley's additive explanation scores, enhancing the overall interpretability of the system.

engineering, multidisciplinary

Tzu-Ling Wan,Tao Ban,Shin-Ming Cheng,Yen-Ting Lee,Bo Sun,Ryoichi Isawa,Takeshi Takahashi,Daisuke Inoue

DOI: https://doi.org/10.1109/ojcs.2020.3033974

2020-01-01

IEEE Open Journal of the Computer Society

Abstract:Simple implementation and autonomous operation features make the Internet-of-Things (IoT) vulnerable to malware attacks. Static analysis of IoT malware executable files is a feasible approach to understanding the behavior of IoT malware for mitigation and prevention. However, current analytic approaches based on opcodes or call graphs typically do not work well with diversity in central processing unit (CPU) architectures and are often resource intensive. In this paper, we propose an efficient method for leveraging machine learning methods to detect and classify IoT malware programs. We show that reliable and efficient detection and classification can be achieved by exploring the essential discriminating information stored in the byte sequences at the entry points of executable programs. We demonstrate the performance of the proposed method using a large-scale dataset consisting of 111K benignware and 111K malware programs from seven CPU architectures. The proposed method achieves near optimal generalization performance for malware detection (99.96 accuracy) and for malware family classification (98.47 accuracy). Moreover, when CPU architecture information is considered in learning, the proposed method combined with support vector machine classifiers can yield even higher generalization performance using fewer bytes from the executable files. The findings in this paper are promising for implementing light-weight malware protection on IoT devices with limited resources.

Shtwai Alsubai,Ashit Kumar Dutta,Abdullah M Alnajim,Abdul Rahaman Wahab Sait,Rashid Ayub,Afnan Mushabbab AlShehri,Naved Ahmad

DOI: https://doi.org/10.7717/peerj-cs.1366

2023-05-29

Abstract:The Internet of Things (IoT) environment demands a malware detection (MD) framework for protecting sensitive data from unauthorized access. The study intends to develop an image-based MD framework. The authors apply image conversion and enhancement techniques to convert malware binaries into RGB images. You only look once (Yolo V7) is employed for extracting the key features from the malware images. Harris Hawks optimization is used to optimize the DenseNet161 model to classify images into malware and benign. IoT malware and Virusshare datasets are utilized to evaluate the proposed framework's performance. The outcome reveals that the proposed framework outperforms the current MD framework. The framework generates the outcome at an accuracy and F1-score of 98.65 and 98.5 and 97.3 and 96.63 for IoT malware and Virusshare datasets, respectively. In addition, it achieves an area under the receiver operating characteristics and the precision-recall curve of 0.98 and 0.85 and 0.97 and 0.84 for IoT malware and Virusshare datasets, accordingly. The study's outcome reveals that the proposed framework can be deployed in the IoT environment to protect the resources.

Alyaa A Hamza,Islam Tharwat Abdel Halim,Mohamed A Sobh,Ayman M Bahaa-Eldin

DOI: https://doi.org/10.3390/s22031079

2022-01-29

Abstract:Established Internet of Things (IoT) platforms suffer from their inability to determine whether an IoT app is secure or not. A security analysis system (SAS) is a protective shield against any attack that breaks down data privacy and security. Its main task focuses on detecting malware and verifying app behavior. There are many SASs implemented in various IoT applications. Most of them build on utilizing static or dynamic analysis separately. However, the hybrid analysis is the best for obtaining accurate results. The SAS provides an effective outcome according to many criteria related to the analysis process, such as analysis type, characteristics, sensitivity, and analysis techniques. This paper proposes a new hybrid (static and dynamic) SAS based on the model-checking technique and deep learning, called an HSAS-MD analyzer, which focuses on the holistic analysis perspective of IoT apps. It aims to analyze the data of IoT apps by (1) converting the source code of the target applications to the format of a model checker that can deal with it; (2) detecting any abnormal behavior in the IoT application; (3) extracting the main static features from it to be tested and classified using a deep-learning CNN algorithm; (4) verifying app behavior by using the model-checking technique. HSAS-MD gives the best results in detecting malware from malicious smart Things applications compared to other SASs. The experimental results of HSAS-MD show that it provides 95%, 94%, 91%, and 93% for accuracy, precision, recall, and F-measure, respectively. It also gives the best results compared with other analyzers from various criteria.

A. Al-Marghilani

DOI: https://doi.org/10.48084/etasr.4296

2021-08-21

Abstract:Malware detection in Internet of Things (IoT) devices is a great challenge, as these devices lack certain characteristics such as homogeneity and security. Malware is malicious software that affects a system as it can steal sensitive information, slow its speed, cause frequent hangs, and disrupt operations. The most common malware types are adware, computer viruses, spyware, trojans, worms, rootkits, key loggers, botnets, and ransomware. Malware detection is critical for a system's security. Many security researchers have studied the IoT malware detection domain. Many studies proposed the static or dynamic analysis on IoT malware detection. This paper presents a survey of IoT malware evasion techniques, reviewing and discussing various researches. Malware uses a few common evasion techniques such as user interaction, environmental awareness, stegosploit, domain and IP identification, code obfuscation, code encryption, timing, and code compression. A comparative analysis was conducted pointing various advantages and disadvantages. This study provides guidelines on IoT malware evasion techniques.

Vijaya Bhaskar Sadu,Kumar Abhishek,Omaia Mohammed Al-Omari,Sandhya Rani Nallola,Rajeev Kumar Sharma,Mohammad Shadab Khan

DOI: https://doi.org/10.1080/0954898X.2024.2336058

2024-07-15

Network

Abstract:The Internet of Things (IoT) is a network that connects various hardware, software, data storage, and applications. These interconnected devices provide services to businesses and can potentially serve as entry points for cyber-attacks. The privacy of IoT devices is increasingly vulnerable, particularly to threats like viruses and illegal software distribution lead to the theft of critical information. Ant Colony-Optimized Artificial Neural-Adaptive Tensorflow (ACO-ANT) technique is proposed to detect malicious software illicitly disseminated through the IoT. To emphasize the significance of each token in source duplicate data, the noise data undergoes processing using tokenization and weighted attribute techniques. Deep learning (DL) methods are then employed to identify source code duplication. Also the Multi-Objective Recurrent Neural Network (M-RNN) is used to identify suspicious activities within an IoT environment. The performance of proposed technique is examined using Loss, accuracy, F measure, precision to identify its efficiency. The experimental outcomes demonstrate that the proposed method ACO-ANT on Malimg dataset provides 12.35%, 14.75%, 11.84% higher precision and 10.95%, 15.78%, 13.89% higher f-measure compared to the existing methods. Further, leveraging block chain for malware detection is a promising direction for future research the fact that could enhance the security of IoT and identify malware threats.

Hao Sun,Xiaofeng Wang,Rajkumar Buyya,Jinshu Su

DOI: https://doi.org/10.1002/spe.2420

2017-01-01

Abstract:Summary Because of the rapid increasing of malware attacks on the Internet of Things in recent years, it is critical for resource‐constrained devices to guard against potential risks. The traditional host‐based security solution becomes puffy and inapplicable with the development of malware attacks. Moreover, it is hard for the cloud‐based security solution to achieve both the high performance detection and the data privacy protection simultaneously. This paper proposes a cloud‐based anti‐malware system, called CloudEyes, which provides efficient and trusted security services for resource‐constrained devices. For the cloud server, CloudEyes presents suspicious bucket cross‐filtering, a novel signature detection mechanism based on the reversible sketch structure, which provides retrospective and accurate orientations of malicious signature fragments. For the client, CloudEyes implements a lightweight scanning agent which utilizes the digest of signature fragments to dramatically reduce the range of accurate matching. Furthermore, by transmitting sketch coordinates and the modular hashing, CloudEyes guarantees both the data privacy and low‐cost communications. Finally, we evaluate the performance of CloudEyes by utilizing both the campus suspicious traffic and normal files. The results demonstrate that the mechanisms in CloudEyes are effective and practical, and our system can outperform other existing systems with less time and communication consumption. Copyright © 2016 John Wiley & Sons, Ltd.

Junaid Akram,Majid Mumtaz,Gul Jabeen,Ping Luo

DOI: https://doi.org/10.1504/ijics.2021.116310

2021-01-01

International Journal of Information and Computer Security

Abstract:Security researchers and anti-virus industries have speckled stress on an Android malware, which can actually damage your phones and threatens the Android markets. In this paper, we propose and develop DroidMD, a scalable self-improvement based tool, based on auto optimisation of signature set, which detect malicious apps in the market at source code level. A prototype has been developed tested and implemented to detect malware in applications. We implement and evaluate our approach on almost 30,000 applications including 27,000 benign and 3,670 malware applications. DroidMD detects malware in different applications at partial level and full level. It analyses only the applications code, which increase its reliability. Our evaluation of DroidMD demonstrates that our approach is very efficient in detecting malware at large scale with high accuracy of 95.5%.

Sen Li,Mengmeng Ge,Ruitao Feng,Xiaohong Li,Kwok Yan Lam

DOI: https://doi.org/10.1109/icdmw60847.2023.00171

2023-01-01

Abstract:Our society is rapidly moving towards the digital age, which has led to a sharp increase in IoT networks and devices. This growth requires more network security professionals, who are focused on protecting IoT systems. One crucial task is to analyze malicious software to gain a deeper understanding of its functionalities and response methods. However, malware analysis is a complex process that requires the use of various analysis tools, including advanced reverse engineering techniques. For beginners, parsing complex binary data can be particularly challenging as they may be strange with these tools and the basic principles of analysis. Even for experienced analysts, understanding reverse engineering binary files and assembly lists is daunting.Facing these challenges, we propose a two-fold solution. Firstly, we create a detailed list of analysis tools and construct a malware analysis framework aimed at simplifying the analysis process. The framework will list the key data points that need to be addressed in the analysis, providing analysts with the tools and information needed for effective malware analysis. Secondly, we will demonstrate that advanced analysis techniques by providing analysis scripts which automate the reverse engineering process in malware analysis. To evaluate the accuracy of our behavior classification system, we will use our framework and analysis scripts to analyze known malware samples. Then, we will compare the accuracy of script-based analysis results and evaluate their ability to identify malicious software behavior. Our research results indicate that by following our framework and using our scripts, we can detect over 80% critical malware behaviors in known samples, which highlights the potential of simplifying the process of malware analysis, making it easier to learn and implement.

Sreenitha Kasarapu,Sanket Shukla,Sai Manoj Pudukotai Dinakarrao

2024-04-13

Abstract:In recent years, networked IoT systems have revolutionized connectivity, portability, and functionality, offering a myriad of advantages. However, these systems are increasingly targeted by adversaries due to inherent security vulnerabilities and limited computational and storage resources. Malicious applications, commonly known as malware, pose a significant threat to IoT devices and networks. While numerous malware detection techniques have been proposed, existing approaches often overlook the resource constraints inherent in IoT environments, assuming abundant resources for detection tasks. This oversight is compounded by ongoing workloads such as sensing and on-device computations, further diminishing available resources for malware detection. To address these challenges, we present a novel resource- and workload-aware malware detection framework integrated with distributed computing for IoT networks. Our approach begins by analyzing available resources for malware detection using a lightweight regression model. Depending on resource availability, ongoing workload executions, and communication costs, the malware detection task is dynamically allocated either on-device or offloaded to neighboring IoT nodes with sufficient resources. To safeguard data integrity and user privacy, rather than transferring the entire malware detection task, the classifier is partitioned and distributed across multiple nodes, and subsequently integrated at the parent node for comprehensive malware detection. Experimental analysis demonstrates the efficacy of our proposed technique, achieving a remarkable speed-up of 9.8x compared to on-device inference, while maintaining a high malware detection accuracy of 96.7%.

Cryptography and Security,Distributed, Parallel, and Cluster Computing

Rajesh Kumar,Xiaosong Zhang,Wenyong Wang,Riaz Ullah Khan,Jay Kumar,Abubaker Sharif

DOI: https://doi.org/10.1109/access.2019.2916886

IF: 3.9

2019-01-01

IEEE Access

Abstract:Internet of things (IoT) is revolutionizing this world with its evolving applications in various aspects of life such as sensing, healthcare, remote monitoring, and so on. Android devices and applications are working hand to hand to realize dreams of the IoT. Recently, there is a rapid increase in threats and malware attacks on Android-based devices. Moreover, due to extensive exploitation of the Android platform in the IoT devices creates a task challenging of securing such kind of malware activities. This paper presents a novel framework that combines the advantages of both machine learning techniques and blockchain technology to improve the malware detection for Android IoT devices. The proposed technique is implemented using a sequential approach, which includes clustering, classification, and blockchain. Machine learning automatically extracts the malware information using clustering and classification technique and store the information into the blockchain. Thereby, all malware information stored in the blockchain history can be communicated through the network, and therefore any latest malware can be detected effectively. The implementation of the clustering technique includes calculation of weights for each feature set, the development of parametric study for optimization and simultaneously iterative reduction of unnecessary features having small weights. The classification algorithm is implemented to extract the various features of Android malware using naive Bayes classifier. Moreover, the naive Bayes classifier is based on decision trees for extracting more important features to provide classification and regression for achieving high accuracy and robustness. Finally, our proposed framework uses the permissioned blockchain to store authentic information of extracted features in a distributed malware database blocks to increase the run-time detection of malware with more speed and accuracy, and further to announce malware information for all users.

Yiwen Xu,Zijing Yin,Yiwei Hou,Jianzhong Liu,Yu Jiang

DOI: https://doi.org/10.1109/tcad.2022.3200908

IF: 2.9

2022-01-01

IEEE Transactions on Computer-Aided Design of Integrated Circuits and Systems

Abstract:The number of IoT devices on the Internet has surged recently, accompanied by a barrage of large-scale IoT malware infections breakouts. Designing security mechanisms for IoT devices poses significant challenges due to constantly changing malware variants that have numerous camouflage strategies, limited hardware resources, and heterogeneous architectures. In this article, we propose MIDAS, an adaptive safeguard framework for Linux-based IoT devices to defend against malwares with the real-time behavior auditing mechanism. First, we construct a stable and abstract behavior paradigm through behavioral characteristic extraction of 115 970 malwares. Then, based on the behavior paradigm, MIDAS can: 1) monitor suspicious behaviors of break-in programs in real-time driven by our built-in SELinux policy customized for malware defense; 2) aggregate behaviors of the program’s submodules with homology tracing; and 3) summarize these behaviors into abstract behavior pairs to unveil a possible IoT malware. Using the aforementioned real-time behavior auditing, MIDAS can constrain mutating and camouflaged malwares to protect discrepant IoT devices from being compromised while maintaining low overheads. We thoroughly evaluated the defense capabilities of MIDAS. On the benchmark dataset, MIDAS successfully constrained up to 94.46%, 91.79%, and 88.34% of 115970 malware samples on ARM, MIPS, and MIPSEL architectures, with less than 1.8 MiB of memory consumption and 0.54% CPU usage. Furthermore, we deployed virtual IoT devices worldwide to examine the performance of MIDAS when defending against real-world attacks. Over a duration of 25 days, these devices suffered from 971 951 attacks originating from 71 979 intruding malwares and 48 805 unique IPs distributed in 167 countries. For devices with MIDAS protection, the number of compromised incidents decreases by $343.1\times $ , and the duration of continuous operation is $179.2\times $ greater than devices without MIDAS on average. The evaluation results demonstrate that MIDAS can effectively safeguard IoT devices with minimal resource consumption.

Dominik Breitenbacher,Ivan Homoliak,Yan Lin Aung,Nils Ole Tippenhauer,Yuval Elovici

DOI: https://doi.org/10.48550/arXiv.1905.01027

2019-05-03

Abstract:Internet of Things (IoT) devices have become ubiquitous and are spread across many application domains including the industry, transportation, healthcare, and households. However, the proliferation of the IoT devices has raised the concerns about their security, especially when observing that many manufacturers focus only on the core functionality of their products due to short time to market and low-cost pressures, while neglecting security aspects. Moreover, it does not exist any established or standardized method for measuring and ensuring the security of IoT devices. Consequently, vulnerabilities are left untreated, allowing attackers to exploit IoT devices for various purposes, such as compromising privacy, recruiting devices into a botnet, or misusing devices to perform cryptocurrency mining. In this paper, we present a practical Host-based Anomaly DEtection System for IoT (HADES-IoT) that represents the last line of defense. HADES-IoT has proactive detection capabilities, provides tamper-proof resistance, and it can be deployed on a wide range of Linux-based IoT devices. The main advantage of HADES-IoT is its low performance overhead, which makes it suitable for the IoT domain, where state-of-the-art approaches cannot be applied due to their high-performance demands. We deployed HADES-IoT on seven IoT devices to evaluate its effectiveness and performance overhead. Our experiments show that HADES-IoT achieved 100% effectiveness in the detection of current IoT malware such as VPNFilter and IoTReaper; while on average, requiring only 5.5% of available memory and causing only a low CPU load.

Cryptography and Security

Ijaz Ahmad,Zhong Wan,Ashfaq Ahmad,Syed Sajid Ullah

DOI: https://doi.org/10.3390/math12101437

IF: 2.4

2024-05-07

Mathematics

Abstract:The proliferation of Internet of Things (IoT) devices and their integration into critical infrastructure and business operations has rendered them susceptible to malware and cyber-attacks. Such malware presents a threat to the availability and reliability of IoT devices, and a failure to address it can have far-reaching impacts. Due to the limited resources of IoT devices, traditional rule-based detection systems are often ineffective against sophisticated attackers. This paper addressed these issues by designing a new framework that uses a machine learning (ML) algorithm for the detection of malware. Additionally, it also employed sequential detection architecture and evaluated eight malware datasets. The design framework is lightweight and effective in data processing and feature selection algorithms. Moreover, this work proposed a classification model that utilizes one support vector machine (SVM) algorithm and is individually tuned with three different optimization algorithms. The employed optimization algorithms are Nuclear Reactor Optimization (NRO), Artificial Rabbits Optimization (ARO), and Particle Swarm Optimization (PSO). These algorithms are used to explore a diverse search space and ensure robustness in optimizing the SVM for malware detection. After extensive simulations, our proposed framework achieved the desired accuracy among eleven existing ML algorithms and three proposed ensemblers (i.e., NRO_SVM, ARO_SVM, and PSO_SVM). Among all algorithms, NRO_SVM outperforms the others with an accuracy rate of 97.8%, an F1 score of 97%, and a recall of 99%, and has fewer false positives and false negatives. In addition, our model successfully identified and prevented malware-induced attacks with a high probability of recognizing new evolving threats.

mathematics

Daniel Park,Hannah Powers,Benji Prashker,Leland Liu,Bülent Yener,Bulent Yener

DOI: https://doi.org/10.1109/icmla51294.2020.00173

2020-12-01

Abstract:With the increased deployment of IoT and edge devices into commercial and user networks, these devices have become a new threat vector for malware authors. It is imperative to protect these devices as they become more prevalent in commercial and personal networks. However, due to their limited computational power and storage space, especially in the case of battery-powered devices, it is infeasible to deploy state-of-the-art malware detectors onto these systems. In this work, we propose using and extracting features from Markov matrices constructed from opcode traces as a low cost feature for unobfuscated and obfuscated malware detection. We empirically show that our approach maintains a high detection rate while consuming less power than similar work.

Hadeel Alrubayyi,Gokop Goteng,Mona Jaber,James Kelly

DOI: https://doi.org/10.3390/jsan10040061

2021-10-26

Journal of Sensor and Actuator Networks

Abstract:The fast growth of the Internet of Things (IoT) and its diverse applications increase the risk of cyberattacks, one type of which is malware attacks. Due to the IoT devices’ different capabilities and the dynamic and ever-evolving environment, applying complex security measures is challenging, and applying only basic security standards is risky. Artificial Immune Systems (AIS) are intrusion-detecting algorithms inspired by the human body’s adaptive immune system techniques. Most of these algorithms imitate the human’s body B-cell and T-cell defensive mechanisms. They are lightweight, adaptive, and able to detect malware attacks without prior knowledge. In this work, we review the recent advances in employing AIS for the improved detection of malware in IoT networks. We present a critical analysis that highlights the limitations of the state-of-the-art in AIS research and offer insights into promising new research directions.