Comprehensive Analysis of IoT Malware Evasion Techniques

Malware detection in Internet of Things (IoT) devices is a great challenge, as these devices lack certain characteristics such as homogeneity and security. Malware is malicious software that affects a system as it can steal sensitive information, slow its speed, cause frequent hangs, and disrupt operations. The most common malware types are adware, computer viruses, spyware, trojans, worms, rootkits, key loggers, botnets, and ransomware. Malware detection is critical for a system's security. Many security researchers have studied the IoT malware detection domain. Many studies proposed the static or dynamic analysis on IoT malware detection. This paper presents a survey of IoT malware evasion techniques, reviewing and discussing various researches. Malware uses a few common evasion techniques such as user interaction, environmental awareness, stegosploit, domain and IP identification, code obfuscation, code encryption, timing, and code compression. A comparative analysis was conducted pointing various advantages and disadvantages. This study provides guidelines on IoT malware evasion techniques.

Download Full-text

A Self-Relocation Based Method for Malware Detection

Applied Mechanics and Materials ◽

10.4028/www.scientific.net/amm.220-223.2688 ◽

2012 ◽

Vol 220-223 ◽

pp. 2688-2693

Author(s):

Yu Zhang ◽

Feng Xia

Keyword(s):

Computer System ◽

Malware Detection ◽

The Self ◽

The Other ◽

The Internet ◽

Sensitive Information ◽

Malicious Software ◽

Unauthorized Access ◽

Base Address ◽

Computer Operation

Malware (malicious software) is software designed to disrupt computer operation, gather sensitive information, or gain unauthorized access to a computer system. Most malwares propagate themselves throughout the Internet by self-relocation. Self-relocation is a built-in module in most malwares that gets the base address of the code to correctly infect the other programs. Since most legitimate computer programs do not need the self-relocate module, the detection of malware with self-relocation module can be viewed as a promising approach for malware detection. This paper presents a self-relocation based method for both known and previously unknown malwares. The experiments indicate that the proposed approach has better ability to detect known and unknown malwares than other methods.

Download Full-text

Detecting IoT User Behavior and Sensitive Information in Encrypted IoT-App Traffic

Sensors ◽

10.3390/s19214777 ◽

2019 ◽

Vol 19 (21) ◽

pp. 4777 ◽

Cited By ~ 1

Author(s):

Alanoud Subahi ◽

George Theodorakopoulos

Keyword(s):

Network Traffic ◽

User Behavior ◽

Learning Algorithm ◽

User Interaction ◽

Active Role ◽

Supervised Machine Learning ◽

Sensitive Information ◽

Content Type ◽

Iot Devices ◽

Types Of Information

Many people use smart-home devices, also known as the Internet of Things (IoT), in their daily lives. Most IoT devices come with a companion mobile application that users need to install on their smartphone or tablet to control, configure, and interface with the IoT device. IoT devices send information about their users from their app directly to the IoT manufacturer’s cloud; we call this the ”app-to-cloud way”. In this research, we invent a tool called IoT-app privacy inspector that can automatically infer the following from the IoT network traffic: the packet that reveals user interaction type with the IoT device via its app (e.g., login), the packets that carry sensitive Personal Identifiable Information (PII), the content type of such sensitive information (e.g., user’s location). We use Random Forest classifier as a supervised machine learning algorithm to extract features from network traffic. To train and test the three different multi-class classifiers, we collect and label network traffic from different IoT devices via their apps. We obtain the following classification accuracy values for the three aforementioned types of information: 99.4%, 99.8%, and 99.8%. This tool can help IoT users take an active role in protecting their privacy.

Download Full-text

Malware Detection Based on Code Visualization and Two-Level Classification

Information ◽

10.3390/info12030118 ◽

2021 ◽

Vol 12 (3) ◽

pp. 118

Author(s):

Vassilios Moussas ◽

Antonios Andreatos

Keyword(s):

Web Applications ◽

Detection System ◽

Malware Detection ◽

Image Features ◽

Malicious Code ◽

Malware Analysis ◽

Malicious Software ◽

Antivirus Software ◽

Malware Classification ◽

Artificial Neural Network Ann

Malware creators generate new malicious software samples by making minor changes in previously generated code, in order to reuse malicious code, as well as to go unnoticed from signature-based antivirus software. As a result, various families of variations of the same initial code exist today. Visualization of compiled executables for malware analysis has been proposed several years ago. Visualization can greatly assist malware classification and requires neither disassembly nor code execution. Moreover, new variations of known malware families are instantly detected, in contrast to traditional signature-based antivirus software. This paper addresses the problem of identifying variations of existing malware visualized as images. A new malware detection system based on a two-level Artificial Neural Network (ANN) is proposed. The classification is based on file and image features. The proposed system is tested on the ‘Malimg’ dataset consisting of the visual representation of well-known malware families. From this set some important image features are extracted. Based on these features, the ANN is trained. Then, this ANN is used to detect and classify other samples of the dataset. Malware families creating a confusion are classified by a second level of ANNs. The proposed two-level ANN method excels in simplicity, accuracy, and speed; it is easy to implement and fast to run, thus it can be applied to antivirus software, smart firewalls, web applications, etc.

Download Full-text

Ciphertext-policy attribute-based encryption with hidden sensitive policy from keyword search techniques in smart city

EURASIP Journal on Wireless Communications and Networking ◽

10.1186/s13638-020-01875-2 ◽

2021 ◽

Vol 2021 (1) ◽

Author(s):

Fei Meng ◽

Leixiao Cheng ◽

Mingqiang Wang

Keyword(s):

Smart City ◽

Keyword Search ◽

Sensitive Information ◽

Security Model ◽

Computational Overhead ◽

Diffie Hellman ◽

Attribute Based Encryption ◽

Iot Devices ◽

Ciphertext Policy ◽

Access Policies

AbstractCountless data generated in Smart city may contain private and sensitive information and should be protected from unauthorized users. The data can be encrypted by Attribute-based encryption (CP-ABE), which allows encrypter to specify access policies in the ciphertext. But, traditional CP-ABE schemes are limited because of two shortages: the access policy is public i.e., privacy exposed; the decryption time is linear with the complexity of policy, i.e., huge computational overheads. In this work, we introduce a novel method to protect the privacy of CP-ABE scheme by keyword search (KS) techniques. In detail, we define a new security model called chosen sensitive policy security: two access policies embedded in the ciphertext, one is public and the other is sensitive and hidden. If user's attributes don't satisfy the public policy, he/she cannot get any information (attribute name and its values) of the hidden one. Previous CP-ABE schemes with hidden policy only work on the “AND-gate” access structure or their ciphertext size or decryption time maybe super-polynomial. Our scheme is more expressive and compact. Since, IoT devices spread all over the smart city, so the computational overhead of encryption and decryption can be shifted to third parties. Therefore, our scheme is more applicable to resource-constrained users. We prove our scheme to be selective secure under the decisional bilinear Diffie-Hellman (DBDH) assumption.

Download Full-text

State-of-the-Art Software-Based Remote Attestation: Opportunities and Open Issues for Internet of Things

Sensors ◽

10.3390/s21051598 ◽

2021 ◽

Vol 21 (5) ◽

pp. 1598

Author(s):

Sigurd Frej Joel Jørgensen Ankergård ◽

Edlira Dushku ◽

Nicola Dragoni

Keyword(s):

Internet Of Things ◽

Smart Cities ◽

Cyber Attacks ◽

Resource Constrained ◽

Remote Attestation ◽

Comprehensive Overview ◽

Research Issues ◽

Advantages And Disadvantages ◽

Iot Devices ◽

Specialized Hardware

The Internet of Things (IoT) ecosystem comprises billions of heterogeneous Internet-connected devices which are revolutionizing many domains, such as healthcare, transportation, smart cities, to mention only a few. Along with the unprecedented new opportunities, the IoT revolution is creating an enormous attack surface for potential sophisticated cyber attacks. In this context, Remote Attestation (RA) has gained wide interest as an important security technique to remotely detect adversarial presence and assure the legitimate state of an IoT device. While many RA approaches proposed in the literature make different assumptions regarding the architecture of IoT devices and adversary capabilities, most typical RA schemes rely on minimal Root of Trust by leveraging hardware that guarantees code and memory isolation. However, the presence of a specialized hardware is not always a realistic assumption, for instance, in the context of legacy IoT devices and resource-constrained IoT devices. In this paper, we survey and analyze existing software-based RA schemes (i.e., RA schemes not relying on specialized hardware components) through the lens of IoT. In particular, we provide a comprehensive overview of their design characteristics and security capabilities, analyzing their advantages and disadvantages. Finally, we discuss the opportunities that these RA schemes bring in attesting legacy and resource-constrained IoT devices, along with open research issues.

Download Full-text

Developing an Algorithm for the Application of Bayesian Method to Software Using Artificial Immune Systems

10.21203/rs.3.rs-538798/v1 ◽

2021 ◽

Author(s):

Shafagat Mahmudova

Keyword(s):

Immune System ◽

Artificial Immune System ◽

Bayesian Method ◽

Artificial Immune Systems ◽

Artificial Immune ◽

Computational System ◽

Malicious Software ◽

Immune Systems ◽

Advantages And Disadvantages ◽

Protection Systems

Abstract This study provides information on artificial immune systems. The artificial immune system is an adaptive computational system that uses models, principles, mechanisms and functions to describe and solve the problems in theoretical immunology. Its application in various fields of science is explored. The theory of natural immune systems and the key features and algorithms of artificial immune system are analyzed. The advantages and disadvantages of protection systems based on artificial immune systems are shown. The methods for malicious software detection are studied. Some works in the field of artificial immune systems are analyzed, and the problems to be solved are identified. A new algorithm is developed for the application of Bayesian method in software using artificial immune systems, and experiments are implemented. The results of the experiment are estimated to be good. The advantages and disadvantages of AIS were shown. To eliminate the disadvantages, perfect AISs should be developed to enable the software more efficient and effective.

Download Full-text

Device-Based Security to Improve User Privacy in the Internet of Things †

Sensors ◽

10.3390/s18082664 ◽

2018 ◽

Vol 18 (8) ◽

pp. 2664 ◽

Cited By ~ 4

Author(s):

Luis Belem Pacheco ◽

Eduardo Pelinson Alchieri ◽

Priscila Mendez Barreto

Keyword(s):

Cloud Computing ◽

Internet Of Things ◽

Single Point ◽

Data Access ◽

Cloud Services ◽

Sensitive Information ◽

User Privacy ◽

Privacy And Security ◽

Iot Devices ◽

And Control

The use of Internet of Things (IoT) is rapidly growing and a huge amount of data is being generated by IoT devices. Cloud computing is a natural candidate to handle this data since it has enough power and capacity to process, store and control data access. Moreover, this approach brings several benefits to the IoT, such as the aggregation of all IoT data in a common place and the use of cloud services to consume this data and provide useful applications. However, enforcing user privacy when sending sensitive information to the cloud is a challenge. This work presents and evaluates an architecture to provide privacy in the integration of IoT and cloud computing. The proposed architecture, called PROTeCt—Privacy aRquitecture for integratiOn of internet of Things and Cloud computing, improves user privacy by implementing privacy enforcement at the IoT devices instead of at the gateway, as is usually done. Consequently, the proposed approach improves both system security and fault tolerance, since it removes the single point of failure (gateway). The proposed architecture is evaluated through an analytical analysis and simulations with severely constrained devices, where delay and energy consumption are evaluated and compared to other architectures. The obtained results show the practical feasibility of the proposed solutions and demonstrate that the overheads introduced in the IoT devices are worthwhile considering the increased level of privacy and security.

Download Full-text

Blockchain-Based Security Model for LoRaWAN Firmware Updates

Journal of Sensor and Actuator Networks ◽

10.3390/jsan11010005 ◽

2022 ◽

Vol 11 (1) ◽

pp. 5

Author(s):

Njabulo Sakhile Mtetwa ◽

Paul Tarwireyi ◽

Cecilia Nombuso Sibeko ◽

Adnan Abu-Mahfouz ◽

Matthew Adigun

Keyword(s):

Use Cases ◽

Smart Devices ◽

Area Network ◽

Sensitive Information ◽

Security Model ◽

Functional Requirements ◽

Wide Area Network ◽

Proposed Model ◽

Attack Surface ◽

Iot Devices

The Internet of Things (IoT) is changing the way consumers, businesses, and governments interact with the physical and cyber worlds. More often than not, IoT devices are designed for specific functional requirements or use cases without paying too much attention to security. Consequently, attackers usually compromise IoT devices with lax security to retrieve sensitive information such as encryption keys, user passwords, and sensitive URLs. Moreover, expanding IoT use cases and the exponential growth in connected smart devices significantly widen the attack surface. Despite efforts to deal with security problems, the security of IoT devices and the privacy of the data they collect and process are still areas of concern in research. Whenever vulnerabilities are discovered, device manufacturers are expected to release patches or new firmware to fix the vulnerabilities. There is a need to prioritize firmware attacks, because they enable the most high-impact threats that go beyond what is possible with traditional attacks. In IoT, delivering and deploying new firmware securely to affected devices remains a challenge. This study aims to develop a security model that employs Blockchain and the InterPlanentary File System (IPFS) to secure firmware transmission over a low data rate, constrained Long-Range Wide Area Network (LoRaWAN). The proposed security model ensures integrity, confidentiality, availability, and authentication and focuses on resource-constrained low-powered devices. To demonstrate the utility and applicability of the proposed model, a proof of concept was implemented and evaluated using low-powered devices. The experimental results show that the proposed model is feasible for constrained and low-powered LoRaWAN devices.

Download Full-text