The Internet of Things (IoT) refers to the millions of devices around the world that are connected to the Internet. Insecure IoT devices designed without proper security features are the targets of many Internet threats. The rapid integration of the Internet into the IoT infrastructure in various areas of human activity, including vulnerable critical infrastructure, makes the detection of malware in the Internet of Things increasingly important. Annual reports from IoT infrastructure cybersecurity companies and antivirus software vendors show an increase in malware attacks targeting IoT infrastructure. This demonstrates the failure of modern methods for detecting malware on the Internet of things. This is why there is an urgent need for new approaches to IoT malware detection and to protect IoT devices from IoT malware attacks. The subject of the research is the malware detection process on the Internet of Things. This study aims to develop a technique for malware detection based on the control flow graph analysis. Results. This paper presents a new approach for IoT malware detection based on control flow graph analysis. Control flow graphs were built for suspicious IoT applications. The control flow graph is represented as a directed graph, which contains information about the components of the suspicious program and the transitions between them. Based on the control flow graph, metrics can be extracted that describe the structure of the program. Considering that IoT applications are small due to the simplicity and limitations of the IoT operating system environment, malware detection based on control flow graph analysis seems to be possible in the IoT environment. To analyze the behavior of the IoT application for each control flow graph, the action graph is to be built. It shows an abstract graph and a description of the program. Based on the action graph for each IoT application, a sequence is formed. This allows for defining the program’s behavior. Thus, with the aim of IoT malware detection, two malware detection models based on control flow graph metrics and the action sequences are used. Since the approach allows you to analyze both the overall structure and behavior of each application, it allows you to achieve high malware detection accuracy. The proposed approach allows the detection of unknown IoT malware, which are the modified versions of known IoT malware. As the mean of conclusion-making concerning the malware presence, the set of machine learning classifiers was employed. The experimental results demonstrated the high accuracy of IoT malware detection. Conclusions. A new technique for IoT malware detection based on control flow graph analysis has been developed. It can detect IoT malware with high efficiency.
Malware detection remains an urgent task today. Various means for the development of information technology and providing users with useful applications are being transformed by attackers into tools for malicious influences and manifestations. A variety of countermeasures and detection tools have been developed to detect malware, but the problem of malware distribution remains relevant. It is especially important for enterprises and organizations. Their corporate networks and resources are becoming objects of interest to intruders. To counteract and prevent the effects of malware, they have various systems in place. In order to improve the counteraction to malicious influences and manifestations, the paper proposes the use of distributed discrete systems, in the architecture of which the principles of self-organization, adaptability and partial centralization are synthesized. Such tools and their functioning will be difficult to understand for attackers and, therefore, will be difficult to circumvent. The architecture of the proposed tools will integrate the implemented methods of malware detection for a holistic counteraction to malware. Such a system will be a single sensor that will detect malicious influences and anomalies. To organize its functioning, descriptions of characteristic indicators are needed. The paper presents the developed mathematical models for determining the values of characteristic indicators. According to obtained values the system architecture was formed. In order to evaluate the sustainability of the developed distributed discrete system a set of experiments were conducted. In addition, to study the accuracy of malware detection, the developed system was tested for the possibility of worm virus detection. Experimental studies have confirmed the effectiveness of the proposed solution, which makes it possible to use the obtained solutions for the development of such systems.
scite is a Brooklyn-based organization that helps researchers better discover and understand research articles through Smart Citations–citations that display the context of the citation and describe whether the article provides supporting or contrasting evidence. scite is used by students and researchers from around the world and is funded in part by the National Science Foundation and the National Institute on Drug Abuse of the National Institutes of Health.
customersupport@researchsolutions.com
10624 S. Eastern Ave., Ste. A-614
Henderson, NV 89052, USA
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
Copyright © 2024 scite LLC. All rights reserved.
Made with 💙 for researchers
Part of the Research Solutions Family.