Towards Obfuscated Malware Detection for Low Powered IoT Devices

Park, Daniel; Powers, Hannah; Prashker, Benji; Liu, Leland; Yener, Bülent

doi:10.1109/icmla51294.2020.00173

Cited by 3 publications

(2 citation statements)

References 27 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…It should be noted that since different CPU architectures have different instruction sets, the opcodes are also different. Therefore, detecting malware samples across architectures requires considering the opcodes in each CPU architecture, leading to a computationally intensive process [ 27 , 28 , 29 , 30 , 31 , 32 , 33 , 34 , 35 , 36 , 37 , 38 ].…”

Section: Related Workmentioning

confidence: 99%

MDABP: A Novel Approach to Detect Cross-Architecture IoT Malware Based on PaaS

Zhao

Kuerban

2023

Sensors

View full text Add to dashboard Cite

With the development of internet technology, the Internet of Things (IoT) has been widely used in several aspects of human life. However, IoT devices are becoming more vulnerable to malware attacks due to their limited computational resources and the manufacturers’ inability to update the firmware on time. As IoT devices are increasing rapidly, their security must classify malicious software accurately; however, current IoT malware classification methods cannot detect cross-architecture IoT malware using system calls in a particular operating system as the only class of dynamic features. To address these issues, this paper proposes an IoT malware detection approach based on PaaS (Platform as a Service), which detects cross-architecture IoT malware by intercepting system calls generated by virtual machines in the host operating system acting as dynamic features and using the K Nearest Neighbors (KNN) classification model. A comprehensive evaluation using a 1719 sample dataset containing ARM and X86-32 architectures demonstrated that MDABP achieves 97.18% average accuracy and a 99.01% recall rate in detecting samples in an Executable and Linkable Format (ELF). Compared with the best cross-architecture detection method that uses network traffic as a unique type of dynamic feature with an accuracy of 94.5%, practical results reveal that our method uses fewer features and has higher accuracy.

show abstract

Section: Related Workmentioning

confidence: 99%

MDABP: A Novel Approach to Detect Cross-Architecture IoT Malware Based on PaaS

Zhao

Kuerban

2023

Sensors

View full text Add to dashboard Cite

show abstract

“…Many statistical and machine learning techniques, including clustering, decision trees, and support vector machines, have been used. Despite being efficient at locating unique patterns, they may have large false-positive rates [9].…”

Section: Review Of Literaturementioning

confidence: 99%

Real-Time Malware Detection on IoT Devices using Behavior-Based Analysis and Neural Networks

Pandit,

Mondal

2023

RJCSE

View full text Add to dashboard Cite

IoT devices' constrained processing capabilities and malware's changing nature make traditional signature-based methods for malware detection ineffective. The focus of our suggested approach, in contrast, is on real-time analysis of IoT device behaviour patterns to find anomalies that might be signs of malicious activity. We can spot differences from typical behaviour on devices by continuously observing how they behave. These differences could indicate the existence of malware. We use deep neural networks to handle and analyse the enormous quantity of data produced by IoT devices in order to do this. Specifically, we use recurrent neural networks (RNNs) and convolutional neural networks (CNNs). These neural networks learn the anticipated behaviours of various IoT devices and their applications through training on historical data. They quickly detect unexpected behaviours that can be a sign of malware infestations or other harmful actions by comparing incoming data streams to these learned patterns in real-time. By reaching high detection rates while preserving low false-positive rates, our experimental results show the efficiency of the suggested approach. We can greatly improve the security posture of IoT devices or gateways by integrating this real-time malware detection technology into them, defending against new attacks in the ever-changing IoT landscape. By protecting the privacy and integrity of IoT-enabled environments, our research will help to mitigate the escalating cybersecurity challenges faced by IoT devices.

show abstract