Malware Anomaly Detection on Virtual Assistants

This work explores the application of anomaly detection techniques, specifically one-class support vector machines (SVM) and online change-point detection, to construct a model that can distinguish, in real time, the normal operation of an Amazon Alexa Virtual Assistant IoT device from anomalous operation caused by malware infection. Despite the current absence of widespread malware for IoT devices, the anticipated rapid growth in the deployment and use of IoT devices will likely attract many different malware attacks in the near future. Because IoT devices have highly specialized and, hence, predictable expected behavior, detecting malware on them is not difficult given large training sets, long testing vectors, and extensive computational power. The challenge we address in this paper is to ascertain how quickly malware may be detected, i.e., the distribution of the number of system calls observed before a decision may be made with suitably high confidence.
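The following is an added example, not the paper's code: it stands in for the one-class model with a bigram profile of system calls learned from benign traffic only, scores each incoming call by its surprise under that profile, and runs a CUSUM-style online change-point detector over the scores, returning how many system calls were consumed before the alarm fires. The traces, syscall names and thresholds are constructed for illustration and are not real Alexa captures.

```python
from collections import Counter
from math import log

# Constructed traces (not real device captures): a benign audio/network loop,
# and the same loop with a malware-like burst injected after 60 calls.
NORMAL = ["poll", "read", "ioctl", "write", "recvfrom", "sendto"] * 50
ATTACK_BURST = ["socket", "connect", "fork", "execve", "write", "connect"]
INFECTED = NORMAL[:60] + ATTACK_BURST * 3 + NORMAL[60:]

def build_profile(trace):
    """Bigram model of P(next | prev) learned from benign calls only
    (the one-class idea: no malware is seen during training)."""
    return {"pairs": Counter(zip(trace, trace[1:])),
            "prev": Counter(trace[:-1]),
            "vocab": len(set(trace))}

def surprise(profile, prev, cur):
    """-log P(cur | prev) with add-one smoothing; one extra unit of
    vocabulary reserves probability mass for calls never seen in training."""
    denom = profile["prev"][prev] + profile["vocab"] + 1
    return -log((profile["pairs"][(prev, cur)] + 1) / denom)

def mean_surprise(profile, trace):
    """Average per-call surprise on a benign trace; used to set the drift."""
    scores = [surprise(profile, a, b) for a, b in zip(trace, trace[1:])]
    return sum(scores) / len(scores)

def cusum_detect(profile, stream, drift, threshold):
    """One-sided CUSUM over per-call surprise: S_t = max(0, S_{t-1} + x_t - k).
    Returns the number of system calls consumed when S_t first exceeds the
    threshold (the decision-time quantity in the abstract), or None."""
    s = 0.0
    for i in range(1, len(stream)):
        s = max(0.0, s + surprise(profile, stream[i - 1], stream[i]) - drift)
        if s > threshold:
            return i + 1
    return None

if __name__ == "__main__":
    profile = build_profile(NORMAL)
    drift = 2 * mean_surprise(profile, NORMAL)  # benign calls pull S_t to 0
    print("benign trace alarm at:", cusum_detect(profile, NORMAL, drift, 6.0))
    print("infected trace alarm at:", cusum_detect(profile, INFECTED, drift, 6.0))
```

With these constructed traces the benign stream never alarms, while the infected stream alarms after 63 calls, i.e. three calls into the injected burst; the drift and threshold trade detection latency against false alarms on the benign trace.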
