Detecting Malware on X86-Based IoT Devices in Autonomous Driving

Niu, Weina; Zhang, Xiaosong; Du, Xiaojiang; Hu, Teng; Xie, Xin; Guizani, Nadra

doi:10.1109/mwc.2019.1800505

Cited by 18 publications

(9 citation statements)

References 8 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Finally, a deep belief network (DBN) with optimized activation function was constructed to attribute the malware. In [4], Niu et al combined static analysis and extreme gradient boosting (XGBoost) method to overcome the low accuracy of static analysis and high resource overhead of dynamic analysis on X86-based IoT devices in an autonomous driving application. In [30], the opcodes of IoT applications were transmuted into a vector space, and then fuzzy and fast fuzzy tree methods were developed to detect and classify the malware.…”

Section: Machine Learning Methods On Edge Malware Detection and Categmentioning

confidence: 99%

Categorizing Malware via A Word2Vec-based Temporal Convolutional Network Scheme

et al. 2020

View full text Add to dashboard Cite

As edge computing paradigm achieves great popularity in recent years, there remain some technical challenges that must be addressed to guarantee smart device security in Internet of Things (IoT) environment. Generally, smart devices transmit individual data across the IoT for various purposes nowadays, and it will cause losses and impose a huge threat to users since malware may steal and damage these data. To improve malware detection performance on IoT smart devices, we conduct a malware categorization analysis based on the Kaggle competition of Microsoft Malware Classification Challenge (BIG 2015) dataset in this article. Practically speaking, motivated by temporal convolutional network (TCN) structure, we propose a malware categorization scheme mainly using Word2Vec pre-trained model. Considering that the popular one-hot encoding converts input names from malicious files to high-dimensional vectors since each name is represented as one dimension in one-hot vector space, more compact vectors with fewer dimensions are obtained through the use of Word2Vec pre-training strategy, and then it can lead to fewer parameters and stronger malware feature representation. Moreover, compared with long short-term memory (LSTM), TCN demonstrates better performance with longer effective memory and faster training speed in sequence modeling tasks. The experimental comparisons on this malware dataset reveal better categorization performance with less memory usage and training time. Especially, through the performance comparison between our scheme and the state-of-the-art Word2Vec-based LSTM approach, our scheme shows approximately 1.3% higher predicted accuracy than the latter on this malware categorization task. Additionally, it also demonstrates that our scheme reduces about 90 thousand parameters and more than 1 hour on the model training time in this comparison.

show abstract

Section: Machine Learning Methods On Edge Malware Detection and Categmentioning

confidence: 99%

Categorizing Malware via A Word2Vec-based Temporal Convolutional Network Scheme

et al. 2020

View full text Add to dashboard Cite

show abstract

“…Existing cross-architecture dynamic analysis lacks a method that treats system calls as the only feature type. Therefore, we use two static analysis methods based on a single architecture [ 5 , 6 ] and compare them against MDABP. Specifically, Hu et al [ 5 ] proposed an ARM architecture-based IoT malware detection model that employed opcodes as features for classification.…”

Section: Experimental Evaluationmentioning

confidence: 99%

“…Rapid advances in software development techniques allow the source code of malware to be compiled into different executable programs tailored to different central processing unit (CPU) architectures via toolchains [ 4 ]. In addition to accelerating the spread of IoT malware, this also means that malware detection methods [ 5 , 6 ] based on a single CPU architecture do not meet the analysis requirements any longer. Given that the opcodes, instruction sets, and other characteristics of the executable files compiled on various CPU architectures differ [ 7 ], the static analysis method based on a single CPU architecture uses features that do not contain features of samples compiled based on other CPU architectures.…”

Section: Introductionmentioning

confidence: 99%

MDABP: A Novel Approach to Detect Cross-Architecture IoT Malware Based on PaaS

Zhao

Kuerban

2023

Sensors

View full text Add to dashboard Cite

With the development of internet technology, the Internet of Things (IoT) has been widely used in several aspects of human life. However, IoT devices are becoming more vulnerable to malware attacks due to their limited computational resources and the manufacturers’ inability to update the firmware on time. As IoT devices are increasing rapidly, their security must classify malicious software accurately; however, current IoT malware classification methods cannot detect cross-architecture IoT malware using system calls in a particular operating system as the only class of dynamic features. To address these issues, this paper proposes an IoT malware detection approach based on PaaS (Platform as a Service), which detects cross-architecture IoT malware by intercepting system calls generated by virtual machines in the host operating system acting as dynamic features and using the K Nearest Neighbors (KNN) classification model. A comprehensive evaluation using a 1719 sample dataset containing ARM and X86-32 architectures demonstrated that MDABP achieves 97.18% average accuracy and a 99.01% recall rate in detecting samples in an Executable and Linkable Format (ELF). Compared with the best cross-architecture detection method that uses network traffic as a unique type of dynamic feature with an accuracy of 94.5%, practical results reveal that our method uses fewer features and has higher accuracy.

show abstract

“…LightGBM is suitable for this study since it is able to process big datasets, runs fast and requires less memory. XGBoost [31], commonly used in machine learning technique, is also from a family of a gradient boosting. It is originated from Gradient Boosting Decision Tree (GBDT).…”

Section: Ensemble Learning Phasementioning

confidence: 99%

A Novel Framework for Windows Malware Detection Using a Deep Learning Approach

Darem¹

2022

Computers, Materials &Amp; Continua

View full text Add to dashboard Cite

Malicious software (malware) is one of the main cyber threats that organizations and Internet users are currently facing. Malware is a software code developed by cybercriminals for damage purposes, such as corrupting the system and data as well as stealing sensitive data. The damage caused by malware is substantially increasing every day. There is a need to detect malware efficiently and automatically and remove threats quickly from the systems. Although there are various approaches to tackle malware problems, their prevalence and stealthiness necessitate an effective method for the detection and prevention of malware attacks. The deep learning-based approach is recently gaining attention as a suitable method that effectively detects malware. In this paper, a novel approach based on deep learning for detecting malware proposed. Furthermore, the proposed approach deploys novel feature selection, feature co-relation, and feature representations to significantly reduce the feature space. The proposed approach has been evaluated using a Microsoft prediction dataset with samples of 21,736 malware composed of 9 malware families. It achieved 96.01% accuracy and outperformed the existing techniques of malware detection.

show abstract

Detecting Malware on X86-Based IoT Devices in Autonomous Driving

Cited by 18 publications

References 8 publications

Categorizing Malware via A Word2Vec-based Temporal Convolutional Network Scheme

Categorizing Malware via A Word2Vec-based Temporal Convolutional Network Scheme

MDABP: A Novel Approach to Detect Cross-Architecture IoT Malware Based on PaaS

A Novel Framework for Windows Malware Detection Using a Deep Learning Approach

Contact Info

Product

Resources

About