SPRT-based Collaboration Construction for Malware Detection in IoT

  • Jun-Won, Ho (Department of Information Security, Seoul Women's University)
  • Received : 2022.12.28
  • Accepted : 2023.01.05
  • Published : 2023.03.31

Abstract

We devise a collaboration construction method based on the SPRT (Sequential Probability Ratio Test) for malware detection in IoT. In our method, high-end IoT nodes capable of detecting malware and generating malware signatures use the SPRT to reward, with malware signatures, the low-end IoT nodes that provide useful data for malware detection in IoT. We evaluate our proposed method through simulation. Our simulation results indicate that the number of malware signatures provided for collaboration varies with the threshold for the fraction of useful data.

Acknowledgement

This work was supported by a research grant from Seoul Women's University (2023-0004).
