Behavioral anomaly detection of malware on home routers

An, Ning; Duff, Alexander; Naik, Gaurav; Faloutsos, Michalis; Weber, Steven; Mancoridis, Spiros

doi:10.1109/malware.2017.8323956

Cited by 31 publications

(18 citation statements)

References 13 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Kim et al [20] used an unsupervised AutoEncoder (AE) to detect unknown attacks in a single event. Some studies detect abnormal behavior of malicious code using principal component analysis, similar to AE [21]. Zenati et al [22] provided a promising approach to solving the data imbalance problem by modeling real data into complex high-dimensional distributions using Generative Adversarial Network (GAN).…”

Section: A Anomaly Detection Researchmentioning

confidence: 99%

E-SFD: Explainable Sensor Fault Detection in the ICS Anomaly Detection System

Hwang

Lee

2021

IEEE Access

View full text Add to dashboard Cite

Industrial Control Systems (ICS) are evolving into smart environments with increased interconnectivity by being connected to the Internet. These changes increase the likelihood of security vulnerabilities and accidents. As the risk of cyberattacks on ICS has increased, various anomaly detection studies are being conducted to detect abnormal situations in industrial processes. However, anomaly detection in ICS suffers from numerous false alarms. When false alarms occur, multiple sensors need to be checked, which is impractical. In this study, when an anomaly is detected, sensors displaying abnormal behavior are visually presented through XAI-based analysis to support quick practical actions and operations. Anomaly Detection has designed and applied better anomaly detection technology than the first prize at HAICon2020, an ICS security threat detection AI contest hosted by the National Security Research Institute last year, and explains the anomalies detected in its model. To the best of our knowledge, our work is at the forefront of explainable anomaly detection research in ICS. Therefore, it is expected to increase the utilization of anomaly detection technology in ICS.

show abstract

Section: A Anomaly Detection Researchmentioning

confidence: 99%

E-SFD: Explainable Sensor Fault Detection in the ICS Anomaly Detection System

Hwang

Lee

2021

IEEE Access

View full text Add to dashboard Cite

show abstract

“…Other works such as [20,23] aim to build anomaly-based systems to detect IoT botnets. These works present techniques that model the legitimate behaviour of IoT devices.…”

Section: Related Workmentioning

confidence: 99%

“…Despite the great results, the use of deep autoencoders can be computationally costly even to a gateway and demands large amounts of data to train the model. The work proposed by [23] explores the construction of an IDS to protect Linux routers, a very popular target in recent years. They tested three different types of anomaly detection techniques, PCA, OSVM, and a naive detector using n-grams, to analyse syscall data from routers.…”

Section: Related Workmentioning

confidence: 99%

IoTDS: A One-Class Classification Approach to Detect Botnets in Internet of Things Devices

Bezerra

Costa

Barbon

et al. 2019

Sensors

View full text Add to dashboard Cite

Internet of Things (IoT) devices have become increasingly widespread. Despite their potential of improving multiple application domains, these devices have poor security, which can be explored by attackers to build large-scale botnets. In this work, we propose a host-based approach to detect botnets in IoT devices, named IoTDS (Internet of Things Detection System). It relies on one-class classifiers, which model only the legitimate device behaviour for further detection of deviations, avoiding the manual labelling process. The proposed solution is underpinned by a novel agent-manager architecture based on HTTPS, which prevents the IoT device from being overloaded by the training activities. To analyse the device’s behaviour, the approach extracts features from the device’s CPU utilisation and temperature, memory consumption, and number of running tasks, meaning that it does not make use of network traffic data. To test our approach, we used an experimental IoT setup containing a device compromised by bot malware. Multiple scenarios were made, including three different IoT device profiles and seven botnets. Four one-class algorithms (Elliptic Envelope, Isolation Forest, Local Outlier Factor, and One-class Support Vector Machine) were evaluated. The results show the proposed system has a good predictive performance for different botnets, achieving a mean F1-score of 94% for the best performing algorithm, the Local Outlier Factor. The system also presented a low impact on the device’s energy consumption, and CPU and memory utilisation.

show abstract

“…We preferred an approach that allows generalization and comparatively fast prediction-one class support vector machine (OC-SVM) [26]. OC-SVMs are widely used for anomaly detection and were also applied for intrusion detection [16,27]. We employ them only for detecting the corresponding cluster for a new session.…”

Section: Related Workmentioning

confidence: 99%

System Misuse Detection Via Informed Behavior Clustering and Modeling

Adilova

Natious

Chen³

et al. 2019

2019 49th Annual IEEE/IFIP International Conference on Dependable Systems and Networks Workshops (DSN-W)

View full text Add to dashboard Cite

One of the main tasks of cybersecurity is recognizing malicious interactions with an arbitrary system. Currently, the logging information from each interaction can be collected in almost unrestricted amounts, but identification of attacks requires a lot of effort and time of security experts. We propose an approach for identifying fraud activity through modeling normal behavior in interactions with a system via machine learning methods, in particular LSTM neural networks. In order to enrich the modeling with system specific knowledge, we propose to use an interactive visual interface that allows security experts to identify semantically meaningful clusters of interactions. These clusters incorporate domain knowledge and lead to more precise behavior modeling via informed machine learning. We evaluate the proposed approach on a dataset containing logs of interactions with an administrative interface of login and security server. Our empirical results indicate that the informed modeling is capable of capturing normal behavior, which can then be used to detect abnormal behavior.

show abstract

Behavioral anomaly detection of malware on home routers

Cited by 31 publications

References 13 publications

E-SFD: Explainable Sensor Fault Detection in the ICS Anomaly Detection System

E-SFD: Explainable Sensor Fault Detection in the ICS Anomaly Detection System

IoTDS: A One-Class Classification Approach to Detect Botnets in Internet of Things Devices

System Misuse Detection Via Informed Behavior Clustering and Modeling

Contact Info

Product

Resources

About