IoT Botnet Detection Approach Based on PSI graph and DGCNN classifier

Internet of Things (IoT) devices are increasingly deployed in different domains and for different purposes. Their growing presence in a broad range of applications, together with their computing and processing capabilities, makes them a valuable target for IoT botnet malware. In recent years, machine learning has served as a useful resource for researchers in malware detection. However, feature extraction is always a heavy manual task that relies on domain knowledge, while malware may evolve quickly in the real world. To deal with this problem, convolutional neural network (CNN) based IoT malware detection, which can detect malware without extracting pre-selected features, is a promising solution. In this paper, we propose a novel approach for Linux IoT botnet detection based on the combination of a PSI graph and a CNN classifier. 10033 ELF files, including 4002 IoT botnet samples and 6031 benign files, were used for the experiment. The evaluation results show that the PSI graph CNN classifier achieves an accuracy of 92% and an F-measure of 94%.
