A Multilabel Fuzzy Relevance Clustering System for Malware Attack Attribution in the Edge Layer of Cyber-Physical Networks

The rapid growth in the number of malicious programs has made malware forensics a daunting task and put users' systems at risk. Timely identification of a malware sample's characteristics, including its origin and family, significantly limits the damage it can do. The risk is greater in Cyber-Physical Systems (CPSs), where a malware attack may cause physical damage to infrastructure. Because CPS devices have limited on-device memory and processing power, most efforts to protect CPS networks focus on the edge layer, where the majority of security mechanisms are deployed. Because many advanced malware programs combine features from several families, such samples are not similar enough to any single existing family and readily evade detection by binary (one-family-versus-rest) classifiers. In this article we therefore propose a novel multilabel fuzzy clustering system for malware attack attribution. The system is deployed at the edge layer to provide insight into the malware threats applicable to the CPS network. We rely on static analysis, using opcode frequencies as the feature space for classifying malware families. We observed that a conventional multilabel classifier leaves a portion of the samples with no label at all; we call this the instance coverage problem. To overcome it, we developed an ensemble-based multilabel fuzzy classification method that reports the degree of relevance of a malware instance to each affected family. The classifier identified samples from VirusShare, RansomwareTracker, and BIG2015 with an accuracy of 94.66%, 94.26%, and 97.56%, respectively.
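The following is an added illustration of the pipeline the abstract describes (opcode-frequency features from static disassembly, a crisp multilabel decision that leaves a hybrid sample unlabelled, and a fuzzy relevance score that does not). It is not the paper's code: the paper's ensemble and its fuzzy relevance clustering algorithm are not reproduced here, and the per-family cosine-to-centroid score with fuzzy-c-means-style memberships is a stand-in chosen for this example. The disassembly fragments, the family names "A" and "B", and the 0.9 threshold are all constructed assumptions.

```python
"""Opcode-frequency attribution: crisp multilabel vs. fuzzy relevance (illustrative)."""
import math
import re
from collections import Counter

# Constructed x86 disassembly fragments in IDA-like syntax (not real malware).
# Family A is xor-heavy, family B is call-heavy, and HYBRID mixes both traits.
TRAIN = {
    "A": [
        "push    ebp\nmov     ebp, esp\nxor     eax, eax\nxor     ecx, ecx\nxor     edx, edx\nret",
        "loc_1:\nxor     eax, eax\nxor     ebx, ebx\nmov     ecx, 4 ; counter\nxor     edx, edx\nret",
    ],
    "B": [
        "push    ebp\nmov     ebp, esp\ncall    sub_1\ncall    sub_2\ncall    sub_3\nret",
        "loc_2:\ncall    sub_1\nmov     eax, 1\n; trailing comment\ncall    sub_2\ncall    sub_3\nret",
    ],
}
HYBRID = "push    ebp\nmov     ebp, esp\nxor     eax, eax\ncall    sub_1\nxor     ecx, ecx\ncall    sub_2\nret"

_OPCODE_RE = re.compile(r"^\s*([a-z][a-z0-9]*)\b")


def opcodes(disasm):
    """Mnemonics of a listing, skipping labels ('loc_1:') and ';' comments.
    Instruction prefixes such as 'rep' would be counted as opcodes here."""
    out = []
    for line in disasm.splitlines():
        line = line.split(";", 1)[0].strip().lower()
        if not line or line.endswith(":"):
            continue
        m = _OPCODE_RE.match(line)
        if m:
            out.append(m.group(1))
    return out


def build_vocab(train):
    """Fixed opcode vocabulary learned from the training listings."""
    return sorted({op for samples in train.values() for s in samples for op in opcodes(s)})


def histogram(disasm, vocab):
    """Relative opcode frequencies over the vocabulary: the static feature vector."""
    counts = Counter(opcodes(disasm))
    total = sum(counts.values()) or 1
    return [counts[op] / total for op in vocab]


def cosine(u, v):
    dot = sum(a * b for a, b in zip(u, v))
    nu = math.sqrt(sum(a * a for a in u))
    nv = math.sqrt(sum(b * b for b in v))
    return dot / (nu * nv) if nu and nv else 0.0


def train_centroids(train, vocab):
    """One mean frequency vector per family (assumed stand-in for a per-family model)."""
    out = {}
    for fam, samples in train.items():
        vecs = [histogram(s, vocab) for s in samples]
        out[fam] = [sum(v[i] for v in vecs) / len(vecs) for i in range(len(vocab))]
    return out


def binary_relevance(vec, centroids, threshold=0.9):
    """Crisp multilabel decision: an independent yes/no per family.
    A sample resembling no single family closely enough gets no label at all
    (the instance coverage problem)."""
    return {fam for fam, c in centroids.items() if cosine(vec, c) >= threshold}


def fuzzy_relevance(vec, centroids, m=2.0):
    """Graded membership in every family, fuzzy-c-means style, summing to 1.
    Distance is 1 - cosine; the floor avoids division by zero on an exact centroid hit."""
    dist = {fam: max(1.0 - cosine(vec, c), 1e-12) for fam, c in centroids.items()}
    exp = 2.0 / (m - 1.0)
    return {fam: 1.0 / sum((dist[fam] / dist[other]) ** exp for other in dist) for fam in dist}


VOCAB = build_vocab(TRAIN)
CENTROIDS = train_centroids(TRAIN, VOCAB)


def attribute(disasm):
    """Return (crisp label set, fuzzy memberships) for one listing."""
    vec = histogram(disasm, VOCAB)
    return binary_relevance(vec, CENTROIDS), fuzzy_relevance(vec, CENTROIDS)


if __name__ == "__main__":
    for name, listing in [("A-sample", TRAIN["A"][0]), ("hybrid", HYBRID)]:
        crisp, fuzzy = attribute(listing)
        print(name, "crisp:", crisp or "{} (uncovered)", "fuzzy:", {k: round(v, 3) for k, v in fuzzy.items()})
```

Running the block shows the point of the abstract in miniature: the pure family-A listing gets the crisp label {A}, while the hybrid listing falls below the threshold for both families and receives no label, yet its fuzzy memberships are 0.5 for A and 0.5 for B, so an analyst still learns which families it is related to. On real data the feature vocabulary would be learned from a large disassembled corpus and the per-family score would come from the trained ensemble rather than a centroid.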
