Searching for just a few words should be enough to get started. If you need to make more complex queries, use the tips below to guide you.
Article type: Research Article
Authors: Dung, Ngo Q.a; * | Viet, Le H.b
Affiliations: [a] Department of Information Technology, Posts and Telecommunications Institute of Technology, Hanoi, Vietnam | [b] Institute of Information Technology, Vietnam Academy of Science and Technology, Hanoi, Vietnam Graduate University of Science and Technology, Vietnam Academy of Science and Technology, Hanoi, Vietnam
Correspondence: [*] Corresponding author. Ngo Q. Dung, Department of Information Technology, Posts and Telecommunications Institute of Technology, Tran Phu Rd., Hanoi 10000, Vietnam. E-mail: [email protected].
Abstract: Nowadays, the number and types of IoT devices are increasing rapidly, which leads to an expansion in the attack surface of this kind of device. Besides, the number of Botnet malware on IoT devices also grows with a lot of new variants. This context leads to an urgent demand for an effective solution in detecting new variants of IoT Botnet malware. There have been many studies focusing on IoT Botnet malware detection using static and dynamic analysis. In particular, the combination of the dynamic method with machine learning has shown outstanding advantages to detect IoT Botnet variants. However, the preprocessing of behavioral data originated from malware is still complicated, and the number of input vector dimensions of the machine learning model is still huge. In addition, these models also consume a lot of resources and have limited detection capabilities. Besides, dynamic analysis studies based on system calls mostly use call frequency characteristics and have not effectively exploited IoT Botnet malware’s life cycle characteristics. In this paper, we propose the Directed System Call Graph (DSCG) feature to sequentially structure the system calls. This DSCG graph will be vectorized and used as an input for building a malware analysis model based on popular machine learning classifiers such as KNN, SVM, Decision Tree, etc. Experiments on the datasets demonstrate that the features extracted from this graph have low complexity but still ensure high accuracy in detecting IoT Botnets, especially with newly emerged IoT Botnet families. The proposed model was evaluated with ACC = 98.01 % , TPR = 97.93 % , FPR = 1.5 % , AUC = 0.9961 on a dataset of 5023 IoT Botnets and 3888 benign samples.
Keywords: IoT Botnet, features extraction, system calls, machine learning, malware detection
DOI: 10.3233/JIFS-211882
Journal: Journal of Intelligent & Fuzzy Systems, vol. 43, no. 5, pp. 5453-5470, 2022
IOS Press, Inc.
6751 Tepper Drive
Clifton, VA 20124
USA
Tel: +1 703 830 6300
Fax: +1 703 830 2300
[email protected]
For editorial issues, like the status of your submitted paper or proposals, write to [email protected]
IOS Press
Nieuwe Hemweg 6B
1013 BG Amsterdam
The Netherlands
Tel: +31 20 688 3355
Fax: +31 20 687 0091
[email protected]
For editorial issues, permissions, book requests, submissions and proceedings, contact the Amsterdam office [email protected]
Inspirees International (China Office)
Ciyunsi Beili 207(CapitaLand), Bld 1, 7-901
100025, Beijing
China
Free service line: 400 661 8717
Fax: +86 10 8446 7947
[email protected]
For editorial issues, like the status of your submitted paper or proposals, write to [email protected]
如果您在出版方面需要帮助或有任何建, 件至: [email protected]