MDABP: A Novel Approach to Detect Cross-Architecture IoT Malware Based on PaaS
With the development of internet technology, the Internet of Things (IoT) has been widely used in several aspects of human life. However, IoT devices are becoming more vulnerable to malware attacks due to their limited computational resources and the manufacturers’ inability to update the firmware o...
Main authors: | , |
---|---|
Format: | Online Article Text |
Language: | English |
Published: |
MDPI
2023
|
Subjects: | |
Online access: | https://www.ncbi.nlm.nih.gov/pmc/articles/PMC10051615/ https://www.ncbi.nlm.nih.gov/pubmed/36991771 http://dx.doi.org/10.3390/s23063060 |
_version_ | 1785014930995412992 |
---|---|
author | Zhao, Yang Kuerban, Alifu |
author_facet | Zhao, Yang Kuerban, Alifu |
author_sort | Zhao, Yang |
collection | PubMed |
description | With the development of internet technology, the Internet of Things (IoT) has been widely used in several aspects of human life. However, IoT devices are becoming more vulnerable to malware attacks due to their limited computational resources and the manufacturers’ inability to update the firmware on time. As IoT devices are increasing rapidly, their security must classify malicious software accurately; however, current IoT malware classification methods cannot detect cross-architecture IoT malware using system calls in a particular operating system as the only class of dynamic features. To address these issues, this paper proposes an IoT malware detection approach based on PaaS (Platform as a Service), which detects cross-architecture IoT malware by intercepting system calls generated by virtual machines in the host operating system acting as dynamic features and using the K Nearest Neighbors (KNN) classification model. A comprehensive evaluation using a 1719 sample dataset containing ARM and X86-32 architectures demonstrated that MDABP achieves 97.18% average accuracy and a 99.01% recall rate in detecting samples in an Executable and Linkable Format (ELF). Compared with the best cross-architecture detection method that uses network traffic as a unique type of dynamic feature with an accuracy of 94.5%, practical results reveal that our method uses fewer features and has higher accuracy. |
format | Online Article Text |
id | pubmed-10051615 |
institution | National Center for Biotechnology Information |
language | English |
publishDate | 2023 |
publisher | MDPI |
record_format | MEDLINE/PubMed |
spelling | pubmed-100516152023-03-30 MDABP: A Novel Approach to Detect Cross-Architecture IoT Malware Based on PaaS Zhao, Yang Kuerban, Alifu Sensors (Basel) Article With the development of internet technology, the Internet of Things (IoT) has been widely used in several aspects of human life. However, IoT devices are becoming more vulnerable to malware attacks due to their limited computational resources and the manufacturers’ inability to update the firmware on time. As IoT devices are increasing rapidly, their security must classify malicious software accurately; however, current IoT malware classification methods cannot detect cross-architecture IoT malware using system calls in a particular operating system as the only class of dynamic features. To address these issues, this paper proposes an IoT malware detection approach based on PaaS (Platform as a Service), which detects cross-architecture IoT malware by intercepting system calls generated by virtual machines in the host operating system acting as dynamic features and using the K Nearest Neighbors (KNN) classification model. A comprehensive evaluation using a 1719 sample dataset containing ARM and X86-32 architectures demonstrated that MDABP achieves 97.18% average accuracy and a 99.01% recall rate in detecting samples in an Executable and Linkable Format (ELF). Compared with the best cross-architecture detection method that uses network traffic as a unique type of dynamic feature with an accuracy of 94.5%, practical results reveal that our method uses fewer features and has higher accuracy. MDPI 2023-03-13 /pmc/articles/PMC10051615/ /pubmed/36991771 http://dx.doi.org/10.3390/s23063060 Text en © 2023 by the authors. https://creativecommons.org/licenses/by/4.0/Licensee MDPI, Basel, Switzerland. This article is an open access article distributed under the terms and conditions of the Creative Commons Attribution (CC BY) license (https://creativecommons.org/licenses/by/4.0/). |
spellingShingle | Article Zhao, Yang Kuerban, Alifu MDABP: A Novel Approach to Detect Cross-Architecture IoT Malware Based on PaaS |
title | MDABP: A Novel Approach to Detect Cross-Architecture IoT Malware Based on PaaS |
topic | Article |
url | https://www.ncbi.nlm.nih.gov/pmc/articles/PMC10051615/ https://www.ncbi.nlm.nih.gov/pubmed/36991771 http://dx.doi.org/10.3390/s23063060 |