
Graduate student: 李彥廷 (Yen-Ting Lee)
Thesis title: Cross Platform IoT Malware Family Classification Based on Printable Strings (基於可讀字串對物聯網惡意軟體家族進行跨平台分類)
Advisor: 鄭欣明 (Shin-Ming Cheng)
Oral defense committee: 李漢銘 (Hahn-Ming Lee), 黃俊穎 (Chun-Ying Huang), 蕭旭君 (Hsu-Chun Hsiao), 游家牧 (Chia-Mu Yu)
Degree: Master
Department: College of Electrical Engineering and Computer Science - Department of Computer Science and Information Engineering
Publication year: 2020
Academic year of graduation: 108
Language: English
Number of pages: 39
Keywords: cross-platform analysis, static analysis, malware analysis, machine learning, IoT malware
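  • In this era of rapid network development, the security of the Internet of Things (IoT) has drawn attention from both the research and commercial sectors. Because of limited computing resources, unfriendly interfaces, and poor software operation, legacy IoT devices are easily attacked by many well-known malware. Moreover, the heterogeneity of IoT platforms and the diversity of malware make the detection and classification of IoT malware more challenging. In this thesis, we propose using printable strings as an easily extracted and effective cross-platform feature for identifying IoT malware on different IoT platforms. The classification ability of these strings has been verified using machine learning algorithms on malware family classification tasks across different platforms. When training and testing are performed on the same platform, the method achieves 99% prediction accuracy on a large-scale IoT malware dataset of 120,000 ELF binaries; when the classifier is trained on some common IoT platforms and tested on different platforms, it still achieves 96% accuracy. This thesis shows that printable strings enable effective malware prevention and mitigation solutions and can be used for cross-platform analysis of IoT malware.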


    In this era of rapid network development, Internet of Things (IoT) security considerations receive a lot of attention from both the research and commercial sectors. With limited computational resources, unfriendly interfaces, and poor software implementation, legacy IoT devices are vulnerable to many infamous malware. Moreover, the heterogeneity of IoT platforms and the variety of IoT malware make the detection and classification of IoT malware even more challenging. In this paper, we propose to use printable strings as an easy-to-get but effective cross-platform feature to identify IoT malware on different IoT platforms. The discriminating capability of these strings is verified using a set of machine learning algorithms on the task of malware family classification across different platforms. The proposed scheme shows a 99% prediction accuracy on a large-scale IoT malware dataset consisting of 120K ELF binaries when training and testing are done on the same platform. Meanwhile, it also achieves a 96% accuracy when the learning is done on a few popular IoT platforms but the test is done on different platforms. Efficient malware prevention and mitigation solutions can be enabled with printable strings as an effective feature for cross-platform IoT malware analysis.

    Chinese Abstract
    Abstract
    Table of Contents
    List of Tables
    List of Illustration
    1 Introduction
    2 Related Work
      2.1 Dynamic analysis based approaches
      2.2 Static analysis based malware detection
    3 Cross Platform Analysis: Problem Definition
      3.1 Motivation
      3.2 Effective features
      3.3 Formal problem definition
    4 Methodology
      4.1 Feature Extraction
        4.1.1 String length frequency vectors
        4.1.2 Printable string information vectors
      4.2 Feature selection
      4.3 Machine-learning based model
    5 Performance Evaluation
      5.1 Dataset
      5.2 Proposed method performance evaluation
        5.2.1 Performance before feature selection
        5.2.2 Feature selection result
        5.2.3 Common machine learning algorithm comparison
      5.3 Static features comparison
      5.4 String type evaluation
    6 Conclusion


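    Full-text release date: 2025/08/20 (campus network)
    Full-text release date: 2025/08/20 (off-campus network)
    Full-text release date: 2025/08/20 (National Library: Taiwan Master's and Doctoral Thesis System)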