Benji Prashker

Bio: Benji Prashker is an academic researcher from Rensselaer Polytechnic Institute. The author has contributed to research in topics: Malware. The author has an hindex of 1, co-authored 2 publications receiving 1 citations.

Towards Obfuscated Malware Detection for Low Powered IoT Devices

Abstract: With the increased deployment of IoT and edge devices into commercial and user networks, these devices have become a new threat vector for malware authors. It is imperative to protect these devices as they become more prevalent in commercial and personal networks. However, due to their limited computational power and storage space, especially in the case of battery-powered devices, it is infeasible to deploy state-of-the-art malware detectors onto these systems. In this work, we propose using and extracting features from Markov matrices constructed from opcode traces as a low cost feature for unobfuscated and obfuscated malware detection. We empirically show that our approach maintains a high detection rate while consuming less power than similar work.

Towards Obfuscated Malware Detection for Low Powered IoT Devices

Abstract: With the increased deployment of IoT and edge devices into commercial and user networks, these devices have become a new threat vector for malware authors. It is imperative to protect these devices as they become more prevalent in commercial and personal networks. However, due to their limited computational power and storage space, especially in the case of battery-powered devices, it is infeasible to deploy state-of-the-art malware detectors onto these systems. In this work, we propose using and extracting features from Markov matrices constructed from opcode traces as a low cost feature for unobfuscated and obfuscated malware detection. We empirically show that our approach maintains a high detection rate while consuming less power than similar work.

MDABP: A Novel Approach to Detect Cross-Architecture IoT Malware Based on PaaS

Abstract: With the development of internet technology, the Internet of Things (IoT) has been widely used in several aspects of human life. However, IoT devices are becoming more vulnerable to malware attacks due to their limited computational resources and the manufacturers’ inability to update the firmware on time. As IoT devices are increasing rapidly, their security must classify malicious software accurately; however, current IoT malware classification methods cannot detect cross-architecture IoT malware using system calls in a particular operating system as the only class of dynamic features. To address these issues, this paper proposes an IoT malware detection approach based on PaaS (Platform as a Service), which detects cross-architecture IoT malware by intercepting system calls generated by virtual machines in the host operating system acting as dynamic features and using the K Nearest Neighbors (KNN) classification model. A comprehensive evaluation using a 1719 sample dataset containing ARM and X86-32 architectures demonstrated that MDABP achieves 97.18% average accuracy and a 99.01% recall rate in detecting samples in an Executable and Linkable Format (ELF). Compared with the best cross-architecture detection method that uses network traffic as a unique type of dynamic feature with an accuracy of 94.5%, practical results reveal that our method uses fewer features and has higher accuracy.