A Survey on Cross-Architectural IoT Malware Threat Hunting

Raju, Anandharaju Durai; Abualhaol, Ibrahim; Giagone, Ronnie Salvador; Zhou, Yang; Huang, Shaoxiong

doi:10.1109/access.2021.3091427

Cited by 39 publications

(22 citation statements)

References 64 publications

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…The particular difficulty of conducting SA is manifested precisely for IoTS, which have different functional purposes. Thus, devices use various OS, distros and CPU architectures [ 16 ]. Each such choice, in particular, is selected based on the tasks of the devices.…”

Section: Methodsmentioning

confidence: 99%

See 1 more Smart Citation

Static Analysis of Information Systems for IoT Cyber Security: A Survey of Machine Learning Approaches

Kotenko

Izrailov

Buinevich

2022

Sensors

View full text Add to dashboard Cite

Ensuring security for modern IoT systems requires the use of complex methods to analyze their software. One of the most in-demand methods that has repeatedly been proven to be effective is static analysis. However, the progressive complication of the connections in IoT systems, the increase in their scale, and the heterogeneity of elements requires the automation and intellectualization of manual experts’ work. A hypothesis to this end is posed that assumes the applicability of machine-learning solutions for IoT system static analysis. A scheme of this research, which is aimed at confirming the hypothesis and reflecting the ontology of the study, is given. The main contributions to the work are as follows: systematization of static analysis stages for IoT systems and decisions of machine-learning problems in the form of formalized models; review of the entire subject area publications with analysis of the results; confirmation of the machine-learning instrumentaries applicability for each static analysis stage; and the proposal of an intelligent framework concept for the static analysis of IoT systems. The novelty of the results obtained is a consideration of the entire process of static analysis (from the beginning of IoT system research to the final delivery of the results), consideration of each stage from the entirely given set of machine-learning solutions perspective, as well as formalization of the stages and solutions in the form of “Form and Content” data transformations.

show abstract

Section: Methodsmentioning

confidence: 99%

“…The work [ 16 ] emphasizes the relevance and underdevelopment of solutions for the search for malicious IoT software. Particular attention is paid to the executed Unux-like programs in the ELF format.…”

Section: Analysis Of Existing Review Workmentioning

confidence: 99%

Static Analysis of Information Systems for IoT Cyber Security: A Survey of Machine Learning Approaches

Kotenko

Izrailov

Buinevich

2022

Sensors

View full text Add to dashboard Cite

show abstract

“…Most of them do not discuss the role of AI [27]. Moreover, some relevant surveys discuss threat hunting in a specific area [28]. These shortcomings motivate our work in this paper.…”

Section: Existing Surveysmentioning

confidence: 99%

“…Threat hunting is important for all types of technologies. In [28] it was identified that there is a lack of research regarding non-Windows operating systems. There is constant development of hunting techniques for Windows malware, but there is a lack of work regarding Linux protection [28].…”

Section: Surveys On Threat Huntingmentioning

confidence: 99%

Turning the Hunted into the Hunter via Threat Hunting: Life Cycle, Ecosystem, Challenges and the Great Promise of AI

Hillier¹,

Karroubi²

2022

Preprint

View full text Add to dashboard Cite

The threat hunting lifecycle is a complex atmosphere that requires special attention from professionals to maintain security. This paper is a collection of recent work that gives a holistic view of the threat hunting ecosystem, identifies challenges, and discusses the future with the integration of artificial intelligence (AI). We specifically establish a life cycle and ecosystem for privacy-threat hunting in addition to identifying the related challenges. We also discovered how critical the use of AI is in threat hunting. This work paves the way for future work in this area as it provides the foundational knowledge to make meaningful advancements for threat hunting.

show abstract

“…The practice of contaminating web applications with malevolent software is termed malware. In Recent Times, a massive number of malwares has been devised for attacking IoT systems [75,76] Control flow side-channel assessment [77], software integrity validation, malware detector [78], Security updates [79] (continued) Reverse Engineering All An attempt to analyze the firmware of IoT devices to reach sensitive data i.e., users' credentials [93] Self-destruction and Tamper proofing, IC/IP Obfuscation and encryption [94,95] (continued) Identity and access management, authentication, multi-factor authentication guidance, dynamic credentials [100] Brute-force attacks S4, S6 An active attack hinges on a trial-and-error strategy to obtain some data such as passwords, finance, identifiers. It employs automatic software to engender a massive amount of successive suppositions to decrypt the ciphertext [85,86] Locking out IP address, discovery tools, brute force site scanning tools [101] Data exposure attacks…”

Section: Allmentioning

confidence: 99%

Internet of Things Security Requirements, Threats, Attacks, and Countermeasures

Abdel‐Basset

Moustafa

Hawash

et al. 2021

Deep Learning Techniques for IoT Security and Privacy

View full text Add to dashboard Cite

This chapter elaborates on different security aspects to be taken into accounts during the development and the deployments of IoT architecture. To make the reader about the security of the IoT based system, this chapter begins by defining the contemporary security requirements that should be considered to realize a reliable and trustworthy IoT environment. Then, the discussion extends to differentiate different concepts of IoT security i.e., threat, vulnerability, countermeasure, attacks, risks; and also explain how the concepts relate to each other. Later, a systematic taxonomy is presented for classifying IoT attacks according to IoT assets, where each class of IoT is further classified into more subcategories. Finally, the discussion of each elaborate different categories of IoT attack indicating their main security targets and possible IoT countermeasures.To sum up, this chapter intends to provide a comprehensive overview regarding IoT security vulnerabilities, threats, countermeasures, risks along with practices of handling them all through the following sections: • Security Requirements in Internet of Things • IoT threats, Attacks, vulnerabilities, and risks • Today's IoT attacks and Countermeasures • IoT attack surfaces • Summary and Learnt Lessons.

show abstract

A Survey on Cross-Architectural IoT Malware Threat Hunting

Cited by 39 publications

References 64 publications

Static Analysis of Information Systems for IoT Cyber Security: A Survey of Machine Learning Approaches

Static Analysis of Information Systems for IoT Cyber Security: A Survey of Machine Learning Approaches

Turning the Hunted into the Hunter via Threat Hunting: Life Cycle, Ecosystem, Challenges and the Great Promise of AI

Internet of Things Security Requirements, Threats, Attacks, and Countermeasures

Contact Info

Product

Resources

About