http://dx.doi.org/10.3745/KTSDE.2022.11.5.197

IoT Malware Detection and Family Classification Using Entropy Time Series Data Extraction and Recurrent Neural Networks  

Kim, Youngho (Department of Computer Science, Dankook University)
Lee, Hyunjong (Security Technology Research Institute, KSIGN Co., Ltd.)
Hwang, Doosung (Department of Software, Dankook University)
Publication Information
KIPS Transactions on Software and Data Engineering / v.11, no.5, 2022, pp. 197-202
Abstract
IoT (Internet of Things) devices are being attacked by malware due to many security vulnerabilities, such as the use of weak IDs/passwords and unauthenticated firmware updates. However, because of the diversity of CPU architectures, it is difficult to set up a malware analysis environment and to design features. In this paper, we design time series features from the byte sequence of executable files so that the features are independent of the CPU architecture, and analyze them using recurrent neural networks. The proposed feature is a fixed-length time series pattern extracted from the byte sequence by calculating partial entropy and applying linear interpolation. Temporal changes in the extracted feature are analyzed with RNN and LSTM. In the experiment, IoT malware detection showed high performance, while malware family classification showed low performance. When the entropy patterns of each malware family were compared visually, the Tsunami and Gafgyt families showed similar patterns, which explains the low classification performance. LSTM is more suitable than RNN for learning temporal changes in the proposed malware features.
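The feature extraction the abstract describes (partial entropy over the byte sequence, then linear interpolation to a fixed length) as an added worked example; this is not the authors' code, and the block size of 256 bytes, the output length of 64 points, and the sample byte string are assumptions constructed for illustration.

```python
import math
import random
from typing import List

def block_entropy(block: bytes) -> float:
    """Shannon entropy of one block in bits per byte, in the range 0.0 .. 8.0."""
    if not block:
        return 0.0
    counts = [0] * 256
    for b in block:
        counts[b] += 1
    n = len(block)
    return -sum((c / n) * math.log2(c / n) for c in counts if c)

def partial_entropy_series(data: bytes, block_size: int = 256) -> List[float]:
    """Entropy of each consecutive block; the series length still depends on file size."""
    return [block_entropy(data[i:i + block_size]) for i in range(0, len(data), block_size)]

def interpolate_fixed_length(series: List[float], length: int) -> List[float]:
    """Linearly interpolate a variable-length series onto `length` evenly spaced points
    (length >= 2 assumed), so files of any size map to one RNN/LSTM input shape."""
    if not series:
        return [0.0] * length
    if len(series) == 1:
        return [series[0]] * length
    step = (len(series) - 1) / (length - 1)
    out = []
    for k in range(length):
        pos = k * step
        i = int(pos)
        frac = pos - i
        if i + 1 < len(series):
            out.append(series[i] * (1.0 - frac) + series[i + 1] * frac)
        else:
            out.append(series[-1])  # last sample point sits exactly on the final block
    return out

def entropy_feature(data: bytes, block_size: int = 256, length: int = 64) -> List[float]:
    """Fixed-length entropy time series pattern for one executable's byte sequence."""
    return interpolate_fixed_length(partial_entropy_series(data, block_size), length)

# Constructed sample (not a real binary): a sparse ELF-like header block, a zero block,
# four pseudo-random blocks standing in for packed/encrypted code, then zero padding.
_rng = random.Random(1)
SAMPLE = (b"\x7fELF" + b"\x00" * 508
          + bytes(_rng.randrange(256) for _ in range(1024))
          + b"\x00" * 512)
```

The resulting 64-point vector is architecture-independent because it never decodes instructions; only the byte distribution per block is used.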
Keywords
Internet of Things; Machine Learning; Malware Detection; Malware Family Classification;