ShellCore: Automating Malicious IoT Software Detection Using Shell Commands Representation
- 주제(키워드) Internet of Things (IoT) security , Linux shell commands , machine learning , malware detection
- 관리정보기술 faculty
- 등재 SCIE, SCOPUS
- OA유형 Green Submitted
- 발행기관 Institute of Electrical and Electronics Engineers Inc.
- 발행년도 2022
- 세부유형 Article
- URI http://www.dcollection.net/handler/ewha/000000190296
- 본문언어 영어
- Published As https://doi.org/10.1109/JIOT.2021.3086398
초록/요약
The Linux shell is a command-line interpreter that provides users with a command interface to the operating system, allowing them to perform various functions. Although very useful in building capabilities at the edge, the Linux shell can be exploited, giving adversaries a prime opportunity to use them for malicious activities. With access to Internet of Things (IoT) devices, malware authors can abuse the Linux shell of those devices to propagate infections and launch large-scale attacks, e.g., Distributed Denial of Service. In this work, we provide a first look at the tasks managed by shell commands in Linux-based IoT malware toward detection. We analyze malicious shell commands found in IoT malware and build a neural network-based model, ShellCore, to detect malicious shell commands. Namely, we collected a large data set of shell commands, including malicious commands extracted from 2891 IoT malware samples and benign commands collected from real-world network traffic analysis and volunteered data from Linux users. Using conventional machine and deep learning-based approaches trained with a term- and character-level features, ShellCore is shown to achieve an accuracy of more than 99% in detecting malicious shell commands and files (i.e., binaries). © 2014 IEEE.
more