DL-FHMC: Deep Learning-Based Fine-Grained Hierarchical Learning Approach for Robust Malware Classification
- 주제(키워드) Malware , Deep learning , Static analysis , Robustness , Machine learning , Internet of Things , Machine learning algorithms , Adversarial machine learning , deep learning , Internet of Things , malware detection , adversarial attacks
- 주제(기타) Computer Science, Hardware & Architecture
- 주제(기타) Computer Science, Information Systems
- 주제(기타) Computer Science, Software Engineering
- 설명문(일반) [Abusnaina, Ahmed; Anwar, Afsah; Mohaisen, David] Univ Cent Florida, Dept Comp Sci, Orlando, FL 32816 USA; [Abuhamad, Mohammed] Loyola Univ, Dept Comp Sci, Chicago, IL 60660 USA; [Alasmary, Hisham] King Khalid Univ, Dept Comp Sci, Abha 61421, Saudi Arabia; [Jang, Rhongho] Wayne State Univ, Dept Comp Sci, Detroit, MI 48202 USA; [Salem, Saeed] North Dakota State Univ, Dept Comp Sci, Fargo, ND 58105 USA; [Nyang, Daehun] Ewha Women Univ, Dept Cyber Secur, Seoul 03760, South Korea
- 관리정보기술 faculty
- 등재 SCIE, SCOPUS
- 발행기관 IEEE COMPUTER SOC
- 발행년도 2022
- 세부유형 Article
- URI http://www.dcollection.net/handler/ewha/000000194537
- 본문언어 영어
- Published As https://doi.org/10.1109/TDSC.2021.3097296
초록/요약
The acceptance of the Internet of Things (IoT) for both household and industrial applications is accompanied by the rapid growth of IoT malware. With the increase of their attack surface, analyzing, understanding, and detecting IoT malicious behavior are crucial. Traditionally, machine and deep learning-based approaches are used for malware detection and behavioral understanding. However, recent research has shown the susceptibility of those approaches to adversarial attacks by introducing noise to the feature space. In this work, we introduce DL-FHMC, a fine-grained hierarchical learning approach for robust IoT malware detection. DL-FHMC utilizes Control Flow Graph (CFG)-based behavioral patterns for adversarial IoT malicious software detection. In particular, we extract a comprehensive list of behavioral patterns from a large dataset of malicious IoT binaries, represented by the shared execution flows, and use them as a modality for malicious behavior detection. Leveraging machine learning and subgraph isomorphism matching algorithms, DL-FHMC provides state-of-the-art performance in detecting malware samples and adversarial examples (AEs). We first highlight the caveats of CFG-based IoT malware detection systems, showing the adversarial capabilities in generating practical functionality-preserving AEs with reduced overhead using Graph Embedding and Augmentation (GEA) techniques. We then introduce Suspicious Behavior Detector, a component that extracts comprehensive behavioral patterns from three popular IoT malicious families, Gafgyt, Mirai, and Tsunami, for AEs detection with high accuracy. The proposed detector operates as a model-independent standalone module, with no prior assumptions of the adversarial attacks nor their configurations.
more