Phát hiện mã độc IoT botnet dựa trên đồ thị PSI với mô hình Skip-gram

15:00 | 18/02/2020 | GP ATM
CSKH-01.2018 - (Tóm tắt) - Trong bài báo này, nhóm tác giả đề xuất một phương pháp phát hiện mã độc IoT botnet dựa trên đồ thị PSI (Printable String Information) sử dụng mạng nơ-ron tích chập (Convolutional Neural Network - CNN). Thông qua việc phân tích đặc tính của Botnet trên các thiết bị IoT, phương pháp đề xuất xây dựng đồ thị để thể hiện các mối liên kết giữa các PSI, làm đầu vào cho mô hình mạng nơ-ron CNN phân lớp. Kết quả thực nghiệm trên bộ dữ liệu 10033 tập tin ELF gồm 4002 mẫu mã độc IoT botnet và 6031 tập tin lành tính cho thấy phương pháp đề xuất đạt độ chính xác (accuracy) và độ đo F1 lên tới 98,1%.

Abstract - In this paper, the authors propose a method for detecting IoT botnet malware based on PSI graphs using Convolutional Neural Network (CNN). Through analyzing the characteristics of Botnet on IoT devices, the proposed method construct the graph to show the relations between PSIs, as input for the CNN neural network model. Experimental results on the 10033 data set of ELF files including 4002 IoT botnet malware samples and 6031 benign files show Accuracy and F1-score up to 98.1%.

Xem toàn bộ bài báo ở đây.

TÀI LIỆU THAM KHẢO

[1]. Pavel Celeda, Radek Krejcí, Jan Vykopal, Martin Drasar, ‘Embedded Malware - An Analysis of the Chuck Norris Botnet’, presented at the European Conference on Computer Network Defense, Berlin, Germany, 2010.

[2]. Zaddach, Jonas and Bruno, Luca and Francillon, Aurelien and and Balzarotti, Davide, ‘AVATAR: A framework to support dynamic security analysis of embedded systems’ firmwares’, presented at the Proceedings of the Network and Distributed System Security Symposium, France, 2014.

[3]. Pa, Y.M.P., Suzuki, S., Yoshioka, K., Matsumoto, T., Kasama, T. and Rossow, C., ‘IoTPOT: A Novel Honenypot for Revealing Current IoT Threats’, J. Inf. Process., vol. 24, pp. 522–533, May 2016.

[4]. Ahmad Darki, Chun-Yu Chuang, Michalis Faloutsos, Zhiyun Qian, Heng Yin, ‘RARE: A Systematic Augmented Router Emulation for Malware Analysis’, in Lecture Notes in Computer Science, vol. 10771, pp. 60–72, 2018.

[5]. A. Jacobsson, M. Boldt and B. Carlsson, ‘A risk analysis of a smart home automation system’, Future Gener. Comput. Syst., vol. 56, pp. 719–733, 2016.

[6]. Chun-Jung Wu, Ying Tie, Satoshi Hara, and Kazuki Tamiya, ‘IoTProtect: Highly Deployable Whitelist-based Protection for Low-cost Internet-of-Things Devices’, J. Inf. Process., vol. 26, pp. 662–672, 2018.

[7]. T. Ronghua, ‘An Integrated Malware Detection and Classification System’, MEng Chongqing Univ. BEngChangchun Univ. Sci. Technol., vol. Doctor of Philosophy, Aug. 2011.

[8]. Yan  Shoshitaishvili,  Ruoyu  Wang,  Christophe  Hauser, Christopher  Kruegel,  Giovanni  Vigna, ‘Firmalice - Automatic Detection of Authentication Bypass Vulnerabilities in Binary Firmware’, Yan Shoshitaishvili Ruoyu Wang Christophe Hauser Christopher Kruegel Giovanni Vigna, pp. 15, 2015.

[9]. D. Davidson, B. Moench, and S. Jha, ‘FIE on Firmware, Finding vulnerabilities in embedded systems using symbolic execution’, 22nd USENIX Secur. Symp. USENIX, pp. 16, 2013.

[10]. Rafiqul Islam, Ronghua Tian, Lynn M. Batten, and Steve Versteeg, ‘Classification of malware based on integrated static and dynamic features’, J. Netw. Comput. Appl., vol. 36, pp. 646–656, 2013.

[11]. A. Costin, J. Zaddach, and A. Francillon, ‘A large scale analysis of the security of embedded firmwares’, 23rd USENIX Secur. Symp., pp. 95–100, 2014.

[12]. Angrishi, Kishore, ‘Turning Internet of Things (IoT) into Internet of Vulnerabilities (IoV): IoT Botnets’, presented at the arXiv preprint arXiv:1702.03681, 2017.

[13]. Christopher D. McDermott, Farzan Majdani, Andrei V. Petrovski, ‘Botnet Detection in the Internet of Things using Deep Learning Approaches’, presented at the International joint conference on neural networks 2018, Rio de Janeiro, Brazil.

[14]. Yuan, Z., Lu, Y., Wang, Z., Xue, Y, ‘Droid-Sec: deep learning in android malware detection’, presented at the ACM SIGCOMM Computer Communication Review, vol. 44, pp. 371–372, 2014.

[15]. Saxe, J., Berlin, K., ‘Deep neural network based malware detection using two dimensional binary program features.’, presented at the 10th International Conference on Malicious and Unwanted Software (MALWARE), pp. 11–20, 2015.

[16]. Hamed HaddadPajouh, Ali Dehghantanha, Raouf Khayami, Kim-Kwang Raymond Choo, ‘A Deep Recurrent Neural Network Based Approach for Internet of Things Malware Threat Hunting’, 2018.

[17]. Kishore Angrish, ‘Turning Internet of Things(IoT) into Internet of Vulnerabilities (IoV) : IoT Botnets’, ArXiv170203681v1 CsNI, Feb. 2017.

[18]. Michele De Donno, Nicola Dragoni, Alberto Giaretta, Angelo Spognardi, ‘Analysis of DDoS-Capable IoT Malwares’, in The Federated Conference on Computer Science and Information Systems, vol. 11, pp. 807–816, 2017.

[19]. M. Ahmadi, D. Ulyanov, S. Semenov, M. Trofimov, and and G. Giacinto, ‘Novel feature extraction, selection and fusion for effective malware family classification’, presented at the Proceedings of the Sixth ACM Conference on Data and Application Security and Privacy, pp. 183–194, 2016.

[20]. Annamalai Narayanan, Mahinthan Chandramohan, Rajasekar Venkatesan, Lihui and Chen, Yang Liu and Shantanu Jaiswa, ‘graph2vec: Learning Distributed Representations of Graphs’, presented at the arXiv:1707.05005v1, 2017.

[21]. Annamalai Narayanan, Mahinthan Chandramohan, Rajasekar Venkatesan, Lihui and Chen, Yang Liu and Shantanu Jaiswa, ‘graph2vec: Learning Distributed Representations of Graphs’, presented at the arXiv:1707.05005v1, 2017.

[22]. Jiawei Su, Danilo Vasconcellos Vargas, Sanjiva Prasad, Daniele Sgandurra, Yaokai Feng, Kouichi Sakurai, ‘Lightweight Classification of IoT Malware based on Image Recognition’, CoRR, vol. abs/1802.03714, 2018.

[23]. H. HaddadPajouh, A. Dehghantanha, R. Khayami, K.R. Choo, ‘A deep Recurrent Neural Network based approach for internet of things malware threat hunting’, presented at the Future Generation Computer Systems, 2018.

Thông tin trích dẫn: Ngô Quốc Dũng,  Lê Văn Hoàng, Nguyễn Huy Trung, "Phát hiện mã độc IoT botnet dựa trên đồ thị PSI với mô hình Skip-gram", Nghiên cứu khoa học và công nghệ trong lĩnh vực An toàn thông tin, Tạp chí An toàn thông tin, Vol. 07, pp. 29 - 36, No. 01, 2018.

Ngô Quốc Dũng, Lê Văn Hoàng, Nguyễn Huy Trung

Tin cùng chuyên mục

Tin mới