Journal ArticleDOI

MDABP: A Novel Approach to Detect Cross-Architecture IoT Malware Based on PaaS

01 Mar 2023, Sensors, Vol. 23, Iss. 6, p. 3060
TL;DR: Wang et al. propose MDABP, an IoT malware detection approach based on PaaS (Platform as a Service): system calls made by guest virtual machines are intercepted in the host operating system and used as dynamic features for a K Nearest Neighbors (KNN) classifier, which lets a single model detect malware compiled for different CPU architectures.
Abstract: With the development of internet technology, the Internet of Things (IoT) has been widely used in many aspects of human life. However, IoT devices are becoming more vulnerable to malware attacks because of their limited computational resources and the manufacturers' inability to update firmware on time. As the number of IoT devices grows rapidly, malicious software targeting them must be classified accurately; however, current IoT malware classification methods that rely on the system calls of one particular operating system as their only class of dynamic feature cannot detect cross-architecture IoT malware. To address this, the paper proposes MDABP, an IoT malware detection approach based on PaaS (Platform as a Service): system calls generated by guest virtual machines are intercepted in the host operating system and used as dynamic features for a K Nearest Neighbors (KNN) classification model. A comprehensive evaluation on a dataset of 1719 samples covering the ARM and x86-32 architectures shows that MDABP achieves 97.18% average accuracy and a 99.01% recall rate on samples in Executable and Linkable Format (ELF). Compared with the best existing cross-architecture detection method, which uses network traffic as its single type of dynamic feature and reaches 94.5% accuracy, the results show that our method uses fewer features and achieves higher accuracy.
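The abstract describes the pipeline only at the level of "intercept the guest's system calls, use them as dynamic features, classify with KNN". The following is an added example, not the MDABP authors' code, that fills in one concrete realisation: traces in strace-like text form (the VMM-level interception the paper uses would produce the same kind of record) are reduced to syscall names, turned into n-gram frequency vectors, and classified by a hand-rolled k-nearest-neighbours vote. The feature encoding (unigrams plus bigrams, relative frequency), the cosine distance and k=3 are assumptions the abstract does not fix, and every trace is constructed rather than captured. Using the syscall name rather than the number is the detail that makes the feature cross-architecture: i386, x86-64 and ARM each have their own syscall number table, but `connect` is `connect` on all of them.

```python
"""Added example, not the MDABP authors' code: syscall-name n-gram
frequencies as the dynamic feature, classified with a hand-rolled k-NN.
The feature encoding, the distance metric and k are assumptions that the
abstract does not fix.  Every trace below is constructed, not captured."""
import re
from collections import Counter
from math import sqrt

# Leading syscall name of an strace-style record, for example
#   [pid 42] openat(AT_FDCWD, "/etc/passwd", O_RDONLY) = 3
# Lines such as "+++ exited with 0 +++" or "--- SIGCHLD ..." do not match.
SYSCALL_RE = re.compile(r"^\s*(?:\[pid\s+\d+\]\s+)?([A-Za-z_][A-Za-z0-9_]*)\(")

def parse_trace(text):
    """Ordered syscall names from a trace.  Names rather than numbers are
    kept: i386, x86-64 and ARM each have their own syscall table, so a
    name-based feature is what lets one model span architectures."""
    return [m.group(1) for m in map(SYSCALL_RE.match, text.splitlines()) if m]

def featurize(names, n=2):
    """Relative frequency of every syscall 1-gram .. n-gram (assumed encoding)."""
    counts = Counter()
    for i in range(len(names)):
        for k in range(1, n + 1):
            if i + k <= len(names):
                counts[tuple(names[i:i + k])] += 1
    total = sum(counts.values()) or 1
    return {g: c / total for g, c in counts.items()}

def cosine_distance(a, b):
    dot = sum(v * b.get(g, 0.0) for g, v in a.items())
    na = sqrt(sum(v * v for v in a.values()))
    nb = sqrt(sum(v * v for v in b.values()))
    return 1.0 if na == 0 or nb == 0 else 1.0 - dot / (na * nb)

def knn_predict(train, sample, k=3):
    """train: list of (feature_vector, label).  Majority vote of the k nearest."""
    nearest = sorted(train, key=lambda tl: cosine_distance(tl[0], sample))[:k]
    return Counter(label for _, label in nearest).most_common(1)[0][0]

# Constructed traces.  Benign: ls/cat-like processes.  Malicious: a Telnet
# scanning bot that renames itself, kills a rival and sprays connect().
BENIGN = [
    'execve("/bin/ls", ["ls"], 0x7ffd) = 0\nbrk(NULL) = 0x55d000\n'
    'openat(AT_FDCWD, "/etc/ld.so.cache", O_RDONLY|O_CLOEXEC) = 3\n'
    'read(3, "\\177ELF"..., 832) = 832\nclose(3) = 0\n'
    'openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY) = 3\n'
    'getdents64(3, 0x55d0, 32768) = 120\nwrite(1, "a.txt\\n", 6) = 6\n'
    'close(3) = 0\n+++ exited with 0 +++',
    'execve("/bin/cat", ["cat", "f"], 0x7ffd) = 0\nbrk(NULL) = 0x56a000\n'
    'openat(AT_FDCWD, "f", O_RDONLY) = 3\nfstat(3, {...}) = 0\n'
    'read(3, "hello\\n", 131072) = 6\nwrite(1, "hello\\n", 6) = 6\n'
    'read(3, "", 131072) = 0\nclose(3) = 0\nexit_group(0) = ?',
    'execve("/bin/ls", ["ls", "-l"], 0x7ffd) = 0\nbrk(NULL) = 0x55d000\n'
    'openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY) = 3\n'
    'getdents64(3, 0x55d0, 32768) = 240\nfstat(4, {...}) = 0\n'
    'write(1, "total 8\\n", 8) = 8\nclose(3) = 0\nexit_group(0) = ?',
]
MALICIOUS = [
    'execve("/tmp/.x", ["./.x"], 0x7ffd) = 0\nprctl(PR_SET_NAME, "sshd") = 0\n'
    'fork() = 1234\nsocket(AF_INET, SOCK_STREAM, IPPROTO_TCP) = 3\n'
    'connect(3, {sa_family=AF_INET, sin_port=htons(23), ...}, 16) = -1 EINPROGRESS\n'
    'socket(AF_INET, SOCK_STREAM, IPPROTO_TCP) = 4\n'
    'connect(4, {sa_family=AF_INET, sin_port=htons(23), ...}, 16) = -1 ECONNREFUSED\n'
    'sendto(3, "admin\\r\\n", 7, 0, NULL, 0) = 7\nrecvfrom(3, ..., 512, 0, NULL, NULL) = 12\n'
    'kill(567, SIGKILL) = 0',
    'execve("/dev/shm/a", ["a"], 0x7ffd) = 0\nprctl(PR_SET_NAME, "busybox") = 0\n'
    'openat(AT_FDCWD, "/dev/watchdog", O_RDWR) = 3\nioctl(3, WDIOC_SETOPTIONS, ...) = 0\n'
    'fork() = 2001\nsocket(AF_INET, SOCK_STREAM, IPPROTO_TCP) = 4\n'
    'connect(4, {sa_family=AF_INET, sin_port=htons(2323), ...}, 16) = -1 EINPROGRESS\n'
    'sendto(4, "root\\r\\n", 6, 0, NULL, 0) = 6\nrecvfrom(4, ..., 512, 0, NULL, NULL) = 8\n'
    'kill(890, SIGKILL) = 0',
    'execve("/tmp/.x", ["./.x"], 0x7ffd) = 0\nprctl(PR_SET_NAME, "sshd") = 0\n'
    'fork() = 1300\nsocket(AF_INET, SOCK_STREAM, IPPROTO_TCP) = 3\n'
    'connect(3, {sa_family=AF_INET, sin_port=htons(23), ...}, 16) = -1 ETIMEDOUT\n'
    'socket(AF_INET, SOCK_STREAM, IPPROTO_TCP) = 4\n'
    'connect(4, {sa_family=AF_INET, sin_port=htons(23), ...}, 16) = -1 EINPROGRESS\n'
    'sendto(4, "admin\\r\\n", 7, 0, NULL, 0) = 7\nkill(600, SIGKILL) = 0',
]
# Held-out constructed samples, one per class.
UNSEEN_BOT = ('execve("/var/run/.b", ["b"], 0x7ffd) = 0\nprctl(PR_SET_NAME, "telnetd") = 0\n'
              '[pid 77] socket(AF_INET, SOCK_STREAM, IPPROTO_TCP) = 3\n'
              '[pid 77] connect(3, {sa_family=AF_INET, sin_port=htons(23), ...}, 16) = -1 EINPROGRESS\n'
              '[pid 77] sendto(3, "root\\r\\n", 6, 0, NULL, 0) = 6\n[pid 77] kill(412, SIGKILL) = 0')
UNSEEN_LS = ('execve("/bin/ls", ["ls", "/tmp"], 0x7ffd) = 0\nbrk(NULL) = 0x55d000\n'
             'openat(AT_FDCWD, "/tmp", O_RDONLY|O_DIRECTORY) = 3\n'
             'getdents64(3, 0x55d0, 32768) = 96\nwrite(1, "x\\n", 2) = 2\nclose(3) = 0\n'
             'exit_group(0) = ?')

def build_model():
    train = [(featurize(parse_trace(t)), "benign") for t in BENIGN]
    train += [(featurize(parse_trace(t)), "malicious") for t in MALICIOUS]
    return train

def classify(trace_text, train=None, k=3):
    return knn_predict(train or build_model(), featurize(parse_trace(trace_text)), k)

if __name__ == "__main__":
    model = build_model()
    for name, trace in (("unseen_bot", UNSEEN_BOT), ("unseen_ls", UNSEEN_LS)):
        print(name, "->", classify(trace, model))
```

Two caveats a practitioner would check before trusting numbers like the 97% above: a sample that detects the sandbox, or simply sleeps, produces a short trace that looks benign, so trace length and coverage need a minimum threshold; and frequency vectors ignore order beyond the n-gram window, so a bot that pads its loop with harmless calls can drag its vector toward the benign cluster.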


References
Proceedings ArticleDOI
23 Jul 2018
TL;DR: This article proposes a lightweight approach for detecting DDoS malware in IoT environments: each binary is converted to a grayscale image and a small convolutional neural network classifies the malware family.
Abstract: The Internet of Things (IoT) is an extension of the traditional Internet, which allows a very large number of smart devices, such as home appliances, network cameras, sensors and controllers, to connect to one another to share information and improve user experiences. IoT devices are micro-computers for domain-specific computations rather than traditional function-specific embedded devices. This opens the possibility of seeing many kinds of existing attacks, traditionally targeted at the Internet, also directed at IoT devices. As shown by recent events, such as the Mirai and Brickerbot botnets, DDoS attacks have become very common in IoT environments as these lack basic security monitoring and protection mechanisms. In this paper, we propose a novel lightweight approach for detecting DDoS malware in IoT environments. We extract the malware images (i.e., a one-channel grayscale image converted from a malware binary) and utilize a lightweight convolutional neural network for classifying their families. The experimental results show that the proposed system can achieve 94.0% accuracy for the classification of goodware and DDoS malware, and 81.8% accuracy for the classification of goodware and two main malware families.
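The abstract says a binary is "converted to a one-channel grayscale image" without saying how. The following added example, which is not the cited paper's code, shows the usual construction: every byte becomes one pixel intensity, the row width is picked from the file size, the last row is zero-padded, and the result is nearest-neighbour resampled to a fixed square so that binaries of any size yield the same tensor shape for a CNN. The width schedule and the 32x32 target are assumptions; the sample "binary" is a constructed byte blob with a 32-bit little-endian ELF identification and an EM_ARM machine field, not a real executable.

```python
"""Added example, not code from the cited paper: render an executable as a
one-channel grayscale image (one byte = one pixel) and resample it to a
fixed square, the input a small CNN would train on.  The width schedule
and the 32x32 target are assumptions; the paper does not give them."""
import struct

def choose_width(size):
    """Row width grows with file size (assumed schedule) so that images of
    very different binaries keep a comparable aspect ratio."""
    for limit, width in ((10_000, 32), (30_000, 64), (60_000, 128),
                         (100_000, 256), (200_000, 384), (500_000, 512),
                         (1_000_000, 768)):
        if size < limit:
            return width
    return 1024

def bytes_to_image(data, width=None):
    """Rows of pixel intensities 0..255; the last row is zero-padded."""
    width = width or choose_width(len(data))
    rows = [list(data[i:i + width]) for i in range(0, len(data), width)]
    if rows and len(rows[-1]) < width:
        rows[-1] += [0] * (width - len(rows[-1]))
    return rows

def resize_nearest(img, out_h, out_w):
    """Nearest-neighbour resample to a fixed size so every sample has the
    same tensor shape regardless of binary size."""
    in_h, in_w = len(img), len(img[0])
    return [[img[y * in_h // out_h][x * in_w // out_w] for x in range(out_w)]
            for y in range(out_h)]

def to_pgm(img):
    """Binary PGM (P5) bytes, viewable with any image tool."""
    h, w = len(img), len(img[0])
    return b"P5\n%d %d\n255\n" % (w, h) + bytes(v for row in img for v in row)

# Constructed stand-in for an ELF sample: ELF magic, EI_CLASS=1 (32-bit),
# EI_DATA=1 (little-endian), EI_VERSION=1, padding, then e_type/e_machine,
# followed by a varying "text" region and a zero-filled "bss"-like run.
# Not a real binary, just enough bytes to show the layout in the image.
SAMPLE = (b"\x7fELF\x01\x01\x01" + bytes(9)
          + struct.pack("<HH", 2, 40)        # e_type=ET_EXEC, e_machine=EM_ARM
          + bytes(range(256)) * 20            # "text": varying bytes
          + bytes(2048))                      # "bss"-like zero run

def image_for_sample(data=SAMPLE, side=32):
    """Fixed-size grayscale image for one sample (rows of ints 0..255)."""
    return resize_nearest(bytes_to_image(data), side, side)

if __name__ == "__main__":
    img = image_for_sample()
    with open("sample.pgm", "wb") as f:
        f.write(to_pgm(img))
    print("wrote sample.pgm", len(img), "x", len(img[0]))
```

The ELF identification stays in the top-left corner of every image, so the first row alone already encodes word size, endianness and target machine. The caveat is that this is a purely static view of byte layout: a packed or encrypted sample renders as uniform high-entropy noise with no family texture at all, and a trivially re-linked variant changes the picture while the behaviour stays the same, which is why a dynamic feature such as the syscall trace used by MDABP is a natural complement rather than a competitor.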

210 citations

Journal ArticleDOI
TL;DR: An IoT honeypot and sandbox is proposed, which attracts and analyzes Telnet-based attacks against various IoT devices running on different CPU architectures such as ARM, MIPS, and PPC.
Abstract: We analyze the increasing threats against IoT devices. We show that Telnet-based attacks that target IoT devices have rocketed since 2014. Based on this observation, we propose an IoT honeypot and sandbox, which attracts and analyzes Telnet-based attacks against various IoT devices running on different CPU architectures such as ARM, MIPS, and PPC. By analyzing the observation results of our honeypot and captured malware samples, we show that there are currently at least 5 distinct DDoS malware families targeting Telnet-enabled IoT devices and one of the families has quickly evolved to target more devices with as many as 9 different CPU architectures.

194 citations

Journal ArticleDOI
01 Mar 2019
TL;DR: This paper intends to provide a comprehensive security analysis of the IoT, by examining and assessing the potential threats and countermeasures, and identifies the suitable countermeasures and their limitations, paying special attention to the IoT protocols.
Abstract: The Internet of Things (IoT) is the next technological leap that will introduce significant improvements to various aspects of the human environment, such as health, commerce, and transport. However, despite the fact that it may bring beneficial economic and social changes, the security and the privacy protection of objects and users remain a crucial challenge that has to be addressed. Specifically, security measures now have to monitor and control the actions of both users and objects. However, the interconnected and independent nature of objects, as well as their constrained computing resources, make conventional security mechanisms inapplicable. Moreover, the heterogeneity of the various technologies which the IoT combines increases the complexity of the security processes, since each technology is characterized by different vulnerabilities. Furthermore, the tremendous amounts of data generated by the multiple interactions between users and objects, or among objects, make their management and the functioning of access control systems harder. In this context, this paper intends to provide a comprehensive security analysis of the IoT, by examining and assessing the potential threats and countermeasures. In more detail, after studying and determining the security requirements in the context of the IoT, we implement a qualitative and quantitative risk analysis, investigating the security threats per layer. Subsequently, based on this process we identify the suitable countermeasures and their limitations, paying special attention to the IoT protocols. Finally, we provide research directions for future work.

190 citations

Proceedings ArticleDOI
Bo Li, Jianxin Li, Tianyu Wo, Chunming Hu, Liang Zhong
08 Dec 2010
TL;DR: A novel approach named VSyscall is proposed, which leverages virtualization technology to enable system call interposition outside the operating system and a system call correlating method is proposed to identify the coherent system calls belonging to the same process from the system call sequence.
Abstract: System call interposition is a powerful method for regulating and monitoring program behavior. A wide variety of security tools have been developed which use this technique. However, traditional system call interposition techniques are vulnerable to kernel attacks and have some limitations on effectiveness and transparency. In this paper, we propose a novel approach named VSyscall, which leverages virtualization technology to enable system call interposition outside the operating system. A system call correlating method is proposed to identify the coherent system calls belonging to the same process from the system call sequence. We have developed a prototype of VSyscall and implemented it in two mainstream virtual machine monitors, Qemu and KVM, respectively. We also evaluate the effectiveness and performance overhead of our approach by comprehensive experiments. The results show that VSyscall achieves effectiveness with a small overhead, and our experiments with six real-world applications indicate its practicality.

169 citations

Journal ArticleDOI
TL;DR: This study maps programs' opcodes into a vector space and employs fuzzy and fast fuzzy pattern tree methods for malware detection and categorization, obtaining a high degree of accuracy at reasonable run-times, especially for the fast fuzzy pattern tree.

151 citations