scholarly journals Binary Black-Box Adversarial Attacks with Evolutionary Learning against IoT Malware Detection

2021 ◽  
Vol 2021 ◽  
pp. 1-9
Author(s):  
Fangwei Wang ◽  
Yuanyuan Lu ◽  
Changguang Wang ◽  
Qingru Li
Keyword(s):  
Learning Algorithm ◽  
Detection System ◽  
Malware Detection ◽  
Network Function Virtualization ◽  
The Internet ◽  
Detection Accuracy ◽  
Security Threats ◽  
Evolutionary Learning ◽  
Network Function ◽  
Box Models

5G is about to open Pandora’s box of security threats to the Internet of Things (IoT). Key technologies, such as network function virtualization and edge computing introduced by the 5G network, bring new security threats and risks to the Internet infrastructure. Therefore, higher detection and defense against malware are required. Nowadays, deep learning (DL) is widely used in malware detection. Recently, research has demonstrated that adversarial attacks have posed a hazard to DL-based models. The key issue of enhancing the antiattack performance of malware detection systems that are used to detect adversarial attacks is to generate effective adversarial samples. However, numerous existing methods to generate adversarial samples are manual feature extraction or using white-box models, which makes it not applicable in the actual scenarios. This paper presents an effective binary manipulation-based attack framework, which generates adversarial samples with an evolutionary learning algorithm. The framework chooses some appropriate action sequences to modify malicious samples. Thus, the modified malware can successfully circumvent the detection system. The evolutionary algorithm can adaptively simplify the modification actions and make the adversarial sample more targeted. Our approach can efficiently generate adversarial samples without human intervention. The generated adversarial samples can effectively combat DL-based malware detection models while preserving the consistency of the executable and malicious behavior of the original malware samples. We apply the generated adversarial samples to attack the detection engines of VirusTotal. Experimental results illustrate that the adversarial samples generated by our method reach an evasion success rate of 47.8%, which outperforms other attack methods. By adding adversarial samples in the training process, the MalConv network is retrained. We show that the detection accuracy is improved by 10.3%.

scholarly journals Design and Implementation of Virtual Security Function Based on Multiple Enclaves

2021 ◽  
Vol 13 (1) ◽  
pp. 12
Author(s):  
Juan Wang ◽  
Yang Yu ◽  
Yi Li ◽  
Chengyang Fan ◽  
Shirong Hao
Keyword(s):  
Intrusion Detection System ◽  
Detection System ◽  
Network Function Virtualization ◽  
Sensitive Data ◽  
Network Function ◽  
State Security ◽  
Security Challenges ◽  
Iot Platforms ◽  
Scalable Network ◽  
Virtual Network Function

Network function virtualization (NFV) provides flexible and scalable network function for the emerging platform, such as the cloud computing, edge computing, and IoT platforms, while it faces more security challenges, such as tampering with network policies and leaking sensitive processing states, due to running in a shared open environment and lacking the protection of proprietary hardware. Currently, Intel® Software Guard Extensions (SGX) provides a promising way to build a secure and trusted VNF (virtual network function) by isolating VNF or sensitive data into an enclave. However, directly placing multiple VNFs in a single enclave will lose the scalability advantage of NFV. This paper combines SGX and click technology to design the virtual security function architecture based on multiple enclaves. In our design, the sensitive modules of a VNF are put into different enclaves and communicate by local attestation. The system can freely combine these modules according to user requirements, and increase the scalability of the system while protecting its running state security. In addition, we design a new hot-swapping scheme to enable the system to dynamically modify the configuration function at runtime, so that the original VNFs do not need to stop when the function of VNFs is modified. We implement an IDS (intrusion detection system) based on our architecture to verify the feasibility of our system and evaluate its performance. The results show that the overhead introduced by the system architecture is within an acceptable range.

scholarly journals Gait Phase Detection Based on Muscle Deformation with Static Standing-Based Calibration

Sensors ◽  
2021 ◽  
Vol 21 (4) ◽  
pp. 1081
Author(s):  
Tamon Miyake ◽  
Shintaro Yamamoto ◽  
Satoshi Hosono ◽  
Satoshi Funabashi ◽  
Zhengxue Cheng ◽  
...  
Keyword(s):  
Learning Algorithm ◽  
Detection System ◽  
Calibration Method ◽  
Detection Algorithm ◽  
Video Data ◽  
Detection Accuracy ◽  
Phase Detection ◽  
Gait Phase ◽  
Logistic Regression Algorithm ◽  
Short Time

Gait phase detection, which detects foot-contact and foot-off states during walking, is important for various applications, such as synchronous robotic assistance and health monitoring. Gait phase detection systems have been proposed with various wearable devices, sensing inertial, electromyography, or force myography information. In this paper, we present a novel gait phase detection system with static standing-based calibration using muscle deformation information. The gait phase detection algorithm can be calibrated within a short time using muscle deformation data by standing in several postures; it is not necessary to collect data while walking for calibration. A logistic regression algorithm is used as the machine learning algorithm, and the probability output is adjusted based on the angular velocity of the sensor. An experiment is performed with 10 subjects, and the detection accuracy of foot-contact and foot-off states is evaluated using video data for each subject. The median accuracy is approximately 90% during walking based on calibration for 60 s, which shows the feasibility of the static standing-based calibration method using muscle deformation information for foot-contact and foot-off state detection.

scholarly journals Detection System of HTTP DDoS Attacks in a Cloud Environment Based on Information Theoretic Entropy and Random Forest

2018 ◽  
Vol 2018 ◽  
pp. 1-13 ◽  
Author(s):  
Mohamed Idhammad ◽  
Karim Afdel ◽  
Mustapha Belouch
Keyword(s):  
Random Forest ◽  
Network Traffic ◽  
Learning Algorithm ◽  
Detection System ◽  
Cloud Services ◽  
Detection Accuracy ◽  
Cloud Environment ◽  
Ddos Attacks ◽  
Information Theoretic ◽  
Computing Services

Cloud Computing services are often delivered through HTTP protocol. This facilitates access to services and reduces costs for both providers and end-users. However, this increases the vulnerabilities of the Cloud services face to HTTP DDoS attacks. HTTP request methods are often used to address web servers’ vulnerabilities and create multiple scenarios of HTTP DDoS attack such as Low and Slow or Flooding attacks. Existing HTTP DDoS detection systems are challenged by the big amounts of network traffic generated by these attacks, low detection accuracy, and high false positive rates. In this paper we present a detection system of HTTP DDoS attacks in a Cloud environment based on Information Theoretic Entropy and Random Forest ensemble learning algorithm. A time-based sliding window algorithm is used to estimate the entropy of the network header features of the incoming network traffic. When the estimated entropy exceeds its normal range the preprocessing and the classification tasks are triggered. To assess the proposed approach various experiments were performed on the CIDDS-001 public dataset. The proposed approach achieves satisfactory results with an accuracy of 99.54%, a FPR of 0.4%, and a running time of 18.5s.

scholarly journals Reputation Management Using Honeypots for Intrusion Detection in the Internet of Things

Electronics ◽  
2020 ◽  
Vol 9 (3) ◽  
pp. 415 ◽  
Author(s):  
Zeeshan Ali Khan ◽  
Ubaid Abbasi
Keyword(s):  
Internet Of Things ◽  
Intrusion Detection ◽  
Detection System ◽  
Mac Protocol ◽  
Low Cost ◽  
Reputation Management ◽  
The Internet ◽  
Detection Accuracy ◽  
Extra Energy ◽  
Networking Protocols

Internet of Things (IoT) networks consist of tiny devices with limited processing resources and restricted energy budget. These devices are connected to the world-wide web (www) using networking protocols. Considering their resource limitations, they are vulnerable to security attacks by numerous entities on the Internet. The classical security solutions cannot be directly implemented on top of these devices for this reason. However, an Intrusion Detection System (IDS) is a classical way to protect these devices by using low-cost solutions. IDS monitors the network by introducing various metrics, and potential intruders are identified, which are quarantined by the firewall. One such metric is reputation management, which monitors the behavior of the IoT networks. However, this technique may still result in detection error that can be optimized by combining this solution with honeypots. Therefore, our aim is to add some honeypots in the network by distributing them homogeneously as well as randomly. These honeypots will team up with possible maliciously behaving nodes and will monitor their behavior. As per the simulation results, this technique reduces the error rate within the existing IDS for the IoT; however, it costs some extra energy. This trade-off between energy consumption and detection accuracy is studied by considering standard routing and MAC protocol for the IoT network.

scholarly journals Towards Deep-Learning-Driven Intrusion Detection for the Internet of Things

Sensors ◽  
2019 ◽  
Vol 19 (9) ◽  
pp. 1977 ◽  
Author(s):  
Geethapriya Thamilarasu ◽  
Shiven Chawla
Keyword(s):  
Deep Learning ◽  
Internet Of Things ◽  
Intrusion Detection ◽  
Intrusion Detection System ◽  
Learning Algorithm ◽  
Detection System ◽  
Cyber Attacks ◽  
The Internet ◽  
Critical Systems ◽  
The Internet Of Things

Cyber-attacks on the Internet of Things (IoT) are growing at an alarming rate as devices, applications, and communication networks are becoming increasingly connected and integrated. When attacks on IoT networks go undetected for longer periods, it affects availability of critical systems for end users, increases the number of data breaches and identity theft, drives up the costs and impacts the revenue. It is imperative to detect attacks on IoT systems in near real time to provide effective security and defense. In this paper, we develop an intelligent intrusion-detection system tailored to the IoT environment. Specifically, we use a deep-learning algorithm to detect malicious traffic in IoT networks. The detection solution provides security as a service and facilitates interoperability between various network communication protocols used in IoT. We evaluate our proposed detection framework using both real-network traces for providing a proof of concept, and using simulation for providing evidence of its scalability. Our experimental results confirm that the proposed intrusion-detection system can detect real-world intrusions effectively.

scholarly journals MALGRA: Machine Learning and N-Gram Malware Feature Extraction and Detection System

Electronics ◽  
2020 ◽  
Vol 9 (11) ◽  
pp. 1777
Author(s):  
Muhammad Ali ◽  
Stavros Shiaeles ◽  
Gueltoum Bendiab ◽  
Bogdan Ghita
Keyword(s):  
Machine Learning ◽  
Learning Algorithm ◽  
Detection System ◽  
Malware Detection ◽  
Machine Learning Algorithms ◽  
Supervised Machine Learning ◽  
Detection Methods ◽  
Normal Operation ◽  
Analysis Technique ◽  
N Gram

Detection and mitigation of modern malware are critical for the normal operation of an organisation. Traditional defence mechanisms are becoming increasingly ineffective due to the techniques used by attackers such as code obfuscation, metamorphism, and polymorphism, which strengthen the resilience of malware. In this context, the development of adaptive, more effective malware detection methods has been identified as an urgent requirement for protecting the IT infrastructure against such threats, and for ensuring security. In this paper, we investigate an alternative method for malware detection that is based on N-grams and machine learning. We use a dynamic analysis technique to extract an Indicator of Compromise (IOC) for malicious files, which are represented using N-grams. The paper also proposes TF-IDF as a novel alternative used to identify the most significant N-grams features for training a machine learning algorithm. Finally, the paper evaluates the proposed technique using various supervised machine-learning algorithms. The results show that Logistic Regression, with a score of 98.4%, provides the best classification accuracy when compared to the other classifiers used.

scholarly journals An Effective Method for Predicting Malware Family

2020 ◽  
Vol 9 (4) ◽  
pp. 1230-1233
Keyword(s):  
Machine Learning ◽  
Malware Detection ◽  
Malicious Code ◽  
The Internet ◽  
Security Threats ◽  
Learning Approaches ◽  
Computer Viruses ◽  
Software Products ◽  
Internet Users ◽  
Rapid Spread

Today, many of devices are connected to internet through networks. Malware (such as computer viruses, trojans, ransomware, and bots) has becoming a critical concern and evolving security threats to the internet users nowadays. To make legitimate users safe from these attacks, many anti-malware software products has been developed. Which provide the major defensive methods against those malwares. Due to rapid spread and easiness of generating malicious code, the number of new malware samples has dramatically increased. There need to take an immediate action against these increase in malware samples which would result in an intelligent method for malware detection. Machine learning approaches are one of the efficient choices to deal with the problem which helps to distinguish malware from benign ones. In this paper we are considering xception model for malware detection. This experiment results shows the efficiency of our proposed method, which gives 98% accuracy with malimg dataset. This paper helps network security area for their efficient works.

scholarly journals An Ensemble of a Prediction and Learning Mechanism for Improving Accuracy of Anomaly Detection in Network Intrusion Environments

2021 ◽  
Vol 13 (18) ◽  
pp. 10057
Author(s):  
Imran ◽  
Faisal Jamil ◽  
Dohyeun Kim
Keyword(s):  
Intrusion Detection ◽  
Intrusion Detection System ◽  
Detection System ◽  
Intrusion Detection Systems ◽  
The Internet ◽  
Detection Accuracy ◽  
Learning Mechanism ◽  
Detection Systems ◽  
Network Applications ◽  
Network Intrusion

The connectivity of our surrounding objects to the internet plays a tremendous role in our daily lives. Many network applications have been developed in every domain of life, including business, healthcare, smart homes, and smart cities, to name a few. As these network applications provide a wide range of services for large user groups, the network intruders are prone to developing intrusion skills for attack and malicious compliance. Therefore, safeguarding network applications and things connected to the internet has always been a point of interest for researchers. Many studies propose solutions for intrusion detection systems and intrusion prevention systems. Network communities have produced benchmark datasets available for researchers to improve the accuracy of intrusion detection systems. The scientific community has presented data mining and machine learning-based mechanisms to detect intrusion with high classification accuracy. This paper presents an intrusion detection system based on the ensemble of prediction and learning mechanisms to improve anomaly detection accuracy in a network intrusion environment. The learning mechanism is based on automated machine learning, and the prediction model is based on the Kalman filter. Performance analysis of the proposed intrusion detection system is evaluated using publicly available intrusion datasets UNSW-NB15 and CICIDS2017. The proposed model-based intrusion detection accuracy for the UNSW-NB15 dataset is 98.801 percent, and the CICIDS2017 dataset is 97.02 percent. The performance comparison results show that the proposed ensemble model-based intrusion detection significantly improves the intrusion detection accuracy.

scholarly journals A Monitoring and Threat Detection System Using Stream Processing as a Virtual Function for Big Data

2019 ◽  
Author(s):  
Martin E. Andreoni Lopez ◽  
Otto Carlos Muniz Bandeira Duarte ◽  
Guy Pujolle
Keyword(s):  
Real Time ◽  
Detection System ◽  
Low Cost ◽  
Stream Processing ◽  
Machine Learning Algorithms ◽  
Optimal Placement ◽  
Network Function Virtualization ◽  
Threat Detection ◽  
Network Function ◽  
Minimum Number

The late detection of security threats causes a significant increase in the risk of irreparable damages, disabling any defense attempt. As a consequence, fast real-time threat detection is mandatory for security guarantees. In addition, Network Function Virtualization (NFV) provides new opportunities for efficient and low-cost security solutions. We propose a fast and efficient threat detection system based on stream processing and machine learning algorithms. The main contributions of this work are i) a novel monitoring threat detection system based on stream processing; ii) two datasets, first a dataset of synthetic security data containing both legitimate and malicious traffic, and the second, a week of real traffic of a telecommunications operator in Rio de Janeiro, Brazil; iii) a data pre-processing algorithm, a normalizing algorithm and an algorithm for fast feature selection based on the correlation between variables; iv) a virtualized network function in an open-source platform for providing a real-time threat detection service; v) near-optimal placement of sensors through a proposed heuristic for strategically positioning sensors in the network infrastructure, with a minimum number of sensors; and, finally, vi) a greedy algorithm that allocates on demand a sequence of virtual network functions.

Sign in / Sign up

Export Citation Format

Share Document