Top

International Journal of Information Security

Published in:

23-10-2019 | Regular Contribution

A novel graph-based approach for IoT botnet detection

Published in: International Journal of Information Security | Issue 5/2020

Activate our intelligent search to find suitable subject content or patents.

search-config

AI-assisted search

Off

Abstract

The Internet of things (IoT) is the extension of Internet connectivity into physical devices and everyday objects. These IoT devices can communicate with others over the Internet and fully integrate into people’s daily life. In recent years, IoT devices still suffer from basic security vulnerabilities making them vulnerable to a variety of threats and malware, especially IoT botnets. Unlike common malware on desktop personal computer and Android, heterogeneous processor architecture issue on IoT devices brings various challenges for researchers. Many studies take advantages of well-known dynamic or static analysis for detecting and classifying botnet on IoT devices. However, almost studies yet cannot address the multi-architecture issue and consume vast computing resources for analyzing. In this paper, we propose a lightweight method for detecting IoT botnet, which based on extracting high-level features from function–call graphs, called PSI-Graph, for each executable file. This feature shows the effectiveness when dealing with the multi-architecture problem while avoiding the complexity of control flow graph analysis that is used by most of the existing methods. The experimental results show that the proposed method achieves an accuracy of 98.7%, with the dataset of 11,200 ELF files consisting of 7199 IoT botnet samples and 4001 benign samples. Additionally, a comparative study with other existing methods demonstrates that our approach delivers better outcome. Lastly, we make the source code of this work available to Github.

previous article Analysis of some simple stabilizers for physically obfuscated keys

next article Key pre-distribution approach using block LU decomposition in wireless sensor network

Dont have a licence yet? Then find out more about our products and how to get one now:

Springer Professional "Technik"

Online-Abonnement

Mit Springer Professional "Technik" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 390 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Maschinenbau + Werkstoffe

Jetzt Wissensvorsprung sichern!

inform now

Springer Professional "Wirtschaft+Technik"

Online-Abonnement

Mit Springer Professional "Wirtschaft+Technik" erhalten Sie Zugriff auf:

über 102.000 Bücher
über 537 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Finance + Banking
Management + Führung
Marketing + Vertrieb
Maschinenbau + Werkstoffe
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

inform now

Springer Professional "Wirtschaft"

Online-Abonnement

Mit Springer Professional "Wirtschaft" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 340 Zeitschriften

aus folgenden Fachgebieten:

Bauwesen + Immobilien
Business IT + Informatik
Finance + Banking
Management + Führung
Marketing + Vertrieb
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

inform now

Burhan, M., Rehman, R.A., Khan, B., Kim, B.-S.: IoT elements, layered architectures and security issues: a comprehensive survey. Sensors 18(9), 2796 (2018)CrossRef

Tankard, C.: Digital pathways, the security issues of the internet of things. Comput Fraud Secur 2015(9), 11–14 (2015)CrossRef

Gartner. https://www.gartner.com/newsroom/id/3291817. Accessed 10 Feb 2019

New trends in the world of IoT threats. https://securelist.com/new-trends-in-the-world-of-iot-threats/87991. Accessed 10 May 2019

Angrishi, K.: Turning Internet of Things (IoT) into Internet of Vulnerabilities (IoV): IoT Botnets, preprint (2017). arXiv:1702.03681

De Donno, Michele, Dragon, Nicola, Giaretta, Alberto: DDoS-Capable IoT Malwares: Comparative Analysis and Mirai Investigation. Journal Security and Communication Networks. Wiley, London (2018)

Pa, Y.M.P., Suzuki, S., Yoshioka, K., Matsumoto, T., Kasama, T., Rossow, C.: IoTPOT: a novel honenypot for revealing current IoT threats. J. Inf. Process. 24, 522–533 (2016)

Tran, N.-P. et al.: Towards malware detection in routers with C500-toolkit. In: 5th International Conference on Information and Communication Technology (ICoIC7). IEEE, pp. 1–5 (2017)

Hampton, N., Szewczyk, P.: A survey and method for analysing SOHO router firmware currency. In: 13th Australian Information Security Management Conference, pp. 11-27 (2015)

10.

Alhanahnah, M., Lin, Q., Yan, Q.: Efficient signature generation for classifying cross-architecture IoT malware. In: Conference on Communications and Network Security (CNS). IEEE, pp. 1–9 (2018)

11.

Isawa, R.: Evaluating disassembly-code based similarity between IoT malware samples. In: 2018 13th Asia Joint Conference on Information Security (AsiaJCIS). IEEE, pp. 89–94 (2018)

12.

Su, J., Vasconcellos D., Prasad, S., Sgandurra, D., Feng, Y., Sakurai, K.:Lightweight classification of IoT malware based on image recognition. In: 2018 42nd Annual Computer Software and Applications Conference (COMPSAC). IEEE, pp. 664–669 (2018)

13.

Chang, K.-C., Tso, R., Tsai, M.-C.: IoT sandbox: to analysis IoT malware Zollard. In: Proceedings of the Second International Conference on Internet of things and Cloud Computing. ACM, pp. 4–12 (2017)

14.

McDermott, C.D., Majdani, F., Petrovski, A.V.: Botnet detection in the internet of things using deep learning approaches. In: International Joint Conference on Neural Networks (IJCNN). IEEE, pp. 1–8 (2018)

15.

Nath, H.V., Mehtre, B.M.: Static malware analysis using machine learning methods. In: Security in Computer Networks and Distributed Systems (SNDS). Springer, Berlin, pp. 440–450 (2014)

16.

Kang, B., Yang, J., So, J., Kim, C.Y.: Detecting trigger-based behaviors in botnet malware. In: Proceedings of the 2015 Conference on research in Adaptive and Convergent Systems. ACM, pp. 274–279 (2015)

17.

Kapoor, A., Dhavale, S.: Control flow graph based multiclass malware detection using bi-normal separation. Def. Sci. J. 66(2), 138–145 (2016)CrossRef

18.

Cozzi, E., Graziano, M., Fratantonio, Y., Balzarotti, D.: Understanding Linux Malware. In: Symposium on Security and Privacy. IEEE, pp. 870–884 (2018)

19.

Azmoodeh, A., Dehghantanha, A., Choo, K.K.R.: Robust malware detection for internet of (battlefield) things devices using deep eigenspace learning. IEEE Trans. Sustain. Comput. 4(1), 88–95 (2018)CrossRef

20.

Islam, R., Tian, R., Batten, L.M., Versteeg, S.: Classification of malware based on integrated static and dynamic features. J Netw. Comput. Appl. 36(2), 646–656 (2013)CrossRef

21.

Nguyen, H.T., Ngo, Q.D., Le, V.H.: IoT botnet detection approach based on PSI-graph and DGCNN classifier. In: International Conference on Information Communication and Signal Processing (ICICSP). IEEE, pp. 118–122 (2018)

22.

HaddadPajouh, H., Dehghantanha, A., Khayami, R., Choo, K.K.R.: A deep recurrent neural network based approach for internet of things malware threat hunting. Future Gener. Comput. Syst. 85, 88–88 (2018)CrossRef

23.

Nataraj, L., Karthikeyan, S., Jacob, G., Manjunath, B.S.: Malware images: visualization and automatic classification. In: Proceedings of the 8th International Symposium on Visualization for Cyber Security. ACM, pp. 4–11 (2011)

24.

Jung, B., Kim, T., Im, E.G.: Malware classification using byte sequence information. In: Proceedings of the Conference on Research in Adaptive and Convergent Systems. ACM, pp. 143–148 (2018)

25.

Hachem, N., et al., Botnets: lifecycle and taxonomy. In: 2011 Conference on Network and Information Systems Security. IEEE, pp. 1–8 (2011)

26.

Silva, S.S.C., et al.: Botnets: a survey. Comput. Netw. 57(2), 378–403 (2013)CrossRef

27.

Sudhakar, K., Kumar, S.: Botnet detection techniques and research challenges. In: International Conference on Advances in Energy-Efficient Computing and Communication (2019)

28.

Khoshhalpour, E., Shahriari, H.R.: BotRevealer: behavioral detection of botnets based on botnetlife-cycle. ISC Int. J. Inf. Secur. 10(1), 55–61 (2018)

29.

Prokofiev, A.O. et al.: A method to detect internet of things botnets. In: Conference of Russian Young Researchers in Electrical and Electronic Engineering (EIConRus). IEEE, pp. 105–108 (2018)

30.

Narayanan, A. et al.: graph2vec: Learning Distributed Representations of Graphs, preprint (2017). arXiv:1707.05005

31.

Xu, M., et al.: A similarity metric method of obfuscated malware using function-call graph. J. Comput. Virol. Hacking Tech. 9(1), 35–47 (2013)MathSciNetCrossRef

32.

Detect-It-Easy. https://github.com/horsicq/Detect-It-Easy. Accessed 12 Feb 2019

33.

The Ultimate Packer for eXecutables. https://github.com/upx. Accessed 12 Feb 2019

34.

Eagle, C.: The IDA Pro Book: The Unofficial Guide to the World’s Most Popular Disassembler. William Pollock, Clifton (2011)

35.

Shang, S., Zheng, N., Xu, J., Xu, M., Zhang, H.: Detecting malware variants via function-call graph similarity. In: International Conference on Malicious and Unwanted Software. IEEE, pp. 113–120 (2010)

36.

Hallman, R., Bryan, J., Palavicini, G., Divita, J., Romero-Mariona, J.: IoDDoS-the internet of distributed denial of sevice attacks. In: Proceedings of the 2nd International Conference on Internet of Things, Big Data and Security (IoTBDS), pp. 47–58 (2017)

37.

Le, Q., Mikolov, T.: Distributed Representations of Sentences and Documents. In: Proceedings of the 31st International Conference on Machine Learning, pp. 1188–1196 (2014)

38.

DeepBench. https://github.com/baidu-research/DeepBench. Accessed 10 Feb 2019

39.

Kim, Y.: Convolutional neural networks for sentence classification. In: Proceedings of the 2014 Conference on Empirical Methods in Natural Language Processing (EMNLP). Association for Computational Linguistics, pp. 1746–1751 (2014)

40.

VirusShare. https://virusshare.com. Accessed 13 Jan 2019

41.

Firmware Analysis Toolkit. https://github.com/ReFirmLabs/binwalk. Accessed 13 Jan 2019

42.

OpenWrt. https://openwrt.org/. Accessed 13 Jan 2019

43.

Pytorch. https://github.com/pytorch/pytorch. Accessed 13 Jan 2019

44.

VirusTotal. https://www.virustotal.com. Accessed 14 Jan 2019

Title: A novel graph-based approach for IoT botnet detection
Publication date: 23-10-2019
Published in: International Journal of Information Security / Issue 5/2020
Print ISSN: 1615-5262
Electronic ISSN: 1615-5270
DOI: https://doi.org/10.1007/s10207-019-00475-6

Springer Professional

Abstract

Please log in to get access to your license.

Dont have a licence yet? Then find out more about our products and how to get one now:

Springer Professional "Technik"

Springer Professional "Wirtschaft+Technik"

Springer Professional "Wirtschaft"

Other articles of this Issue 5/2020

DroidRista: a highly precise static data flow analysis framework for android applications

Random dictatorship for privacy-preserving social choice

Analysis of some simple stabilizers for physically obfuscated keys

Cyberattack triage using incremental clustering for intrusion detection systems

Digital Waste Disposal: an automated framework for analysis of spam emails

Key pre-distribution approach using block LU decomposition in wireless sensor network

Premium Partner