Detecting IoT Malware by Markov Chain Behavioral Models

M. Ficco
2019 IEEE International Conference on Cloud Engineering (IC2E), published 2019-06-01
DOI: 10.1109/IC2E.2019.00037 (https://doi.org/10.1109/IC2E.2019.00037)
Citations: 28

Abstract

The Internet of Things (IoT) has become one of the most important technological sectors in recent years, and its use in many fields, including military applications, healthcare, agriculture, industry, and space science, has made it very attractive for cyber-attacks. In particular, because of the wide diffusion of the Android platform, IoT devices have become one of the main targets of malware threats. Considering Android's large market share, effective tools capable of detecting zero-day malware are needed. Therefore, several static and dynamic analysis methods have been proposed in the literature. In this work, the sequences of API calls invoked by apps during their execution are modeled by Markov chains and used to extract features of the apps over time, which are needed for malware classification. The considered dataset includes 22K benign applications and 24K malware samples collected from different shared datasets. Experimental results show that the Markov chain approach detects malware with up to 89% F-measure and outperforms approaches based on API call frequency.
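The contrast the abstract draws between Markov chain features and API call frequency can be seen on two small traces; the sketch below is an added illustration, not code from the paper. It assumes a first-order chain, constructed API call names and traces, and a flattened transition matrix as the feature vector; the paper's actual state space and feature pipeline are not given on this page.

```python
from collections import Counter

OTHER = "<other>"  # bucket for API calls outside the chosen vocabulary

# Constructed traces (not from the paper's dataset): the same API calls with
# the same counts, invoked in a different order.
TRACE_A = ["open", "read", "connect", "send", "open", "read", "close"]
TRACE_B = ["open", "read", "open", "read", "connect", "send", "close"]
VOCAB = sorted(set(TRACE_A) | set(TRACE_B)) + [OTHER]


def _state(call, vocab):
    return call if call in vocab else OTHER


def frequency_features(trace, vocab):
    """Baseline: relative frequency of each API call, order ignored."""
    counts = Counter(_state(c, vocab) for c in trace)
    return [counts[a] / len(trace) for a in vocab]


def transition_matrix(trace, vocab):
    """First-order Markov chain: row i holds P(next call | current call i)."""
    idx = {a: i for i, a in enumerate(vocab)}
    counts = [[0] * len(vocab) for _ in vocab]
    for src, dst in zip(trace, trace[1:]):
        counts[idx[_state(src, vocab)]][idx[_state(dst, vocab)]] += 1
    # A state with no outgoing transition in this trace keeps an all-zero row.
    return [[c / sum(row) if sum(row) else 0.0 for c in row] for row in counts]


def markov_features(trace, vocab):
    """Flatten the transition matrix into one feature vector per app."""
    return [p for row in transition_matrix(trace, vocab) for p in row]


def transition_prob(trace, vocab, src, dst):
    matrix = transition_matrix(trace, vocab)
    return matrix[vocab.index(src)][vocab.index(dst)]


if __name__ == "__main__":
    same = frequency_features(TRACE_A, VOCAB) == frequency_features(TRACE_B, VOCAB)
    differ = markov_features(TRACE_A, VOCAB) != markov_features(TRACE_B, VOCAB)
    print("frequency features identical:", same)
    print("Markov features differ:", differ)
```

Both traces produce the same frequency vector, so a frequency-based classifier cannot tell them apart, while the transition probabilities out of `read` and `send` differ between them.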