{"title":"IoT Malware Classification Based on System Calls","authors":"Kien Hoang Dang, D. Nguyen, Duy Loi Vu","doi":"10.1109/RIVF48685.2020.9140763","DOIUrl":null,"url":null,"abstract":"IoT devices play an important role in the industrial revolution 4.0. However, this type of device may exhibit specific security vulnerabilities that can be easily exploited to cause botnet attacks and other malicious activities. In this paper, we introduce a new method for classification and clustering of IoT malware behaviors through system call monitoring. Our method is constructed from multiple one-class SVM classifiers and has the ability to classify known malware with F1-Score over 98% and probability to detect unknown malware up to 97%. Unknown malware instances with similar behaviors can also be grouped together so new classes of malware will be discovered.","PeriodicalId":169999,"journal":{"name":"2020 RIVF International Conference on Computing and Communication Technologies (RIVF)","volume":"132 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2020-10-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"3","resultStr":"{\"title\":\"IoT Malware Classification Based on System Calls\",\"authors\":\"Kien Hoang Dang, D. Nguyen, Duy Loi Vu\",\"doi\":\"10.1109/RIVF48685.2020.9140763\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"IoT devices play an important role in the industrial revolution 4.0. However, this type of device may exhibit specific security vulnerabilities that can be easily exploited to cause botnet attacks and other malicious activities. In this paper, we introduce a new method for classification and clustering of IoT malware behaviors through system call monitoring. Our method is constructed from multiple one-class SVM classifiers and has the ability to classify known malware with F1-Score over 98% and probability to detect unknown malware up to 97%. 
Unknown malware instances with similar behaviors can also be grouped together so new classes of malware will be discovered.\",\"PeriodicalId\":169999,\"journal\":{\"name\":\"2020 RIVF International Conference on Computing and Communication Technologies (RIVF)\",\"volume\":\"132 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2020-10-01\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"3\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"2020 RIVF International Conference on Computing and Communication Technologies (RIVF)\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/RIVF48685.2020.9140763\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"2020 RIVF International Conference on Computing and Communication Technologies (RIVF)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/RIVF48685.2020.9140763","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
IoT devices play an important role in the industrial revolution 4.0. However, this type of device may exhibit specific security vulnerabilities that can be easily exploited to cause botnet attacks and other malicious activities. In this paper, we introduce a new method for classification and clustering of IoT malware behaviors through system call monitoring. Our method is constructed from multiple one-class SVM classifiers and has the ability to classify known malware with F1-Score over 98% and probability to detect unknown malware up to 97%. Unknown malware instances with similar behaviors can also be grouped together so new classes of malware will be discovered.