scholarly journals Detection Method for Classifying Malicious Firmware

Author(s):  
David Noever ◽  
Samantha E. Miller Noever

A malicious firmware update may prove devastating to the embedded devices both that make up the Internet of Things (IoT) and that typically lack the same security verifications now applied to full operating systems. This work converts the binary headers of 40,000 firmware examples from bytes into 1024-pixel thumbnail images to train a deep neural network. The aim is to distinguish benign and malicious variants using modern deep learning methods without needing detailed functional or forensic analysis tools. One outcome of this image conversion enables contact with the vast machine learning literature already applied to handle digit recognition (MNIST). Another result indicates that greater than 90% accurate classifications prove possible using image-based convolutional neural networks (CNN) when combined with transfer learning methods. The envisioned CNN application would intercept firmware updates before their distribution to IoT networks and score their likelihood of containing malicious variants. To explain how the model makes classification decisions, the research applies traditional statistical methods such as both single and ensembles of decision trees with identifiable pixel or byte values that contribute the malicious or benign determination.

2021 ◽  
Author(s):  
David Noever ◽  
Samantha E. Miller Noever

A malicious firmware update may prove devastating to the embedded devices both that make up the Internet of Things (IoT) and alsothat typically lack the same security verifications now applied to full operating systems. This work converts the binary headers of 40,000 firmware examples from bytes into 1024-pixel thumbnail images to train a deep neural network. The aim is to distinguish benign and malicious variants using modern deep learning methods without needing detailed functional or forensic analysis tools. One outcome of this image conversion enables contact with the vast machine learning literature already applied to handle digit recognition (MNIST). Another result indicates that greater than 90% accurate classifications prove possible using image-based convolutional neural networks (CNN) when combined with transfer learning methods. The envisioned CNN application would intercept firmware updates before their distribution to IoT networks and score their likelihood of containing malicious variants.


2021 ◽  
Vol 54 (2) ◽  
pp. 1-42
Author(s):  
Abdullah Qasem ◽  
Paria Shirani ◽  
Mourad Debbabi ◽  
Lingyu Wang ◽  
Bernard Lebel ◽  
...  

In the era of the internet of things (IoT), software-enabled inter-connected devices are of paramount importance. The embedded systems are very frequently used in both security and privacy-sensitive applications. However, the underlying software (a.k.a. firmware) very often suffers from a wide range of security vulnerabilities, mainly due to their outdated systems or reusing existing vulnerable libraries; which is evident by the surprising rise in the number of attacks against embedded systems. Therefore, to protect those embedded systems, detecting the presence of vulnerabilities in the large pool of embedded devices and their firmware plays a vital role. To this end, there exist several approaches to identify and trigger potential vulnerabilities within deployed embedded systems firmware. In this survey, we provide a comprehensive review of the state-of-the-art proposals, which detect vulnerabilities in embedded systems and firmware images by employing various analysis techniques, including static analysis, dynamic analysis, symbolic execution, and hybrid approaches. Furthermore, we perform both quantitative and qualitative comparisons among the surveyed approaches. Moreover, we devise taxonomies based on the applications of those approaches, the features used in the literature, and the type of the analysis. Finally, we identify the unresolved challenges and discuss possible future directions in this field of research.


Entropy ◽  
2020 ◽  
Vol 22 (9) ◽  
pp. 949
Author(s):  
Jiangyi Wang ◽  
Min Liu ◽  
Xinwu Zeng ◽  
Xiaoqiang Hua

Convolutional neural networks have powerful performances in many visual tasks because of their hierarchical structures and powerful feature extraction capabilities. SPD (symmetric positive definition) matrix is paid attention to in visual classification, because it has excellent ability to learn proper statistical representation and distinguish samples with different information. In this paper, a deep neural network signal detection method based on spectral convolution features is proposed. In this method, local features extracted from convolutional neural network are used to construct the SPD matrix, and a deep learning algorithm for the SPD matrix is used to detect target signals. Feature maps extracted by two kinds of convolutional neural network models are applied in this study. Based on this method, signal detection has become a binary classification problem of signals in samples. In order to prove the availability and superiority of this method, simulated and semi-physical simulated data sets are used. The results show that, under low SCR (signal-to-clutter ratio), compared with the spectral signal detection method based on the deep neural network, this method can obtain a gain of 0.5–2 dB on simulated data sets and semi-physical simulated data sets.


2020 ◽  
Vol 14 ◽  
Author(s):  
Stephanie Haro ◽  
Christopher J. Smalt ◽  
Gregory A. Ciccarelli ◽  
Thomas F. Quatieri

Many individuals struggle to understand speech in listening scenarios that include reverberation and background noise. An individual's ability to understand speech arises from a combination of peripheral auditory function, central auditory function, and general cognitive abilities. The interaction of these factors complicates the prescription of treatment or therapy to improve hearing function. Damage to the auditory periphery can be studied in animals; however, this method alone is not enough to understand the impact of hearing loss on speech perception. Computational auditory models bridge the gap between animal studies and human speech perception. Perturbations to the modeled auditory systems can permit mechanism-based investigations into observed human behavior. In this study, we propose a computational model that accounts for the complex interactions between different hearing damage mechanisms and simulates human speech-in-noise perception. The model performs a digit classification task as a human would, with only acoustic sound pressure as input. Thus, we can use the model's performance as a proxy for human performance. This two-stage model consists of a biophysical cochlear-nerve spike generator followed by a deep neural network (DNN) classifier. We hypothesize that sudden damage to the periphery affects speech perception and that central nervous system adaptation over time may compensate for peripheral hearing damage. Our model achieved human-like performance across signal-to-noise ratios (SNRs) under normal-hearing (NH) cochlear settings, achieving 50% digit recognition accuracy at −20.7 dB SNR. Results were comparable to eight NH participants on the same task who achieved 50% behavioral performance at −22 dB SNR. We also simulated medial olivocochlear reflex (MOCR) and auditory nerve fiber (ANF) loss, which worsened digit-recognition accuracy at lower SNRs compared to higher SNRs. Our simulated performance following ANF loss is consistent with the hypothesis that cochlear synaptopathy impacts communication in background noise more so than in quiet. Following the insult of various cochlear degradations, we implemented extreme and conservative adaptation through the DNN. At the lowest SNRs (<0 dB), both adapted models were unable to fully recover NH performance, even with hundreds of thousands of training samples. This implies a limit on performance recovery following peripheral damage in our human-inspired DNN architecture.


2021 ◽  
Author(s):  
Benjamin Secker

Use of the Internet of Things (IoT) is poised to be the next big advancement in environmental monitoring. We present the high-level software side of a proof-of-concept that demonstrates an end-to-end environmental monitoring system,<br><div>replacing Greater Wellington Regional Council’s expensive data loggers with low-cost, IoT centric embedded devices, and it’s supporting cloud platform. The proof-of-concept includes a Micropython-based software stack running on an ESP32 microcontroller. The device software includes a built-in webserver that hosts a responsive Web App for configuration of the device. Telemetry data is sent over Vodafone’s NB-IoT network and stored in Azure IoT Central, where it can be visualised and exported.</div><br>While future development is required for a production-ready system, the proof-of-concept justifies the use of modern IoT technologies for environmental monitoring. The open source nature of the project means that the knowledge gained can be re-used and modified to suit the use-cases for other organisations.


2019 ◽  
Vol 1 (6) ◽  
pp. 61-70
Author(s):  
Vaishnave A.K ◽  
Jenisha S.T ◽  
Tamil Selvi S

The Internet of Things (IoT) is inter communication of embedded devices using networking technologies. The IoT will be one of the important trends in future; can affect the networking, business and communication. In this paper, proposing a remote sensing parameter of the human body which consists of pulse and temperature. The parameters that are used for sensing and monitoring will send the data through wireless sensors. Adding a web based observing helps to keep track of the regular status of patient. The sensing data will be continuously collected in a database and will be used to inform patient to any unseen problems to undergo possible diagnosis. Experimental results prove the proposed system is user friendly, reliable, economical. IoT typically expected to propose the advanced high bandwidth connectivity of embedded devices, systems and services which goes beyond machine –to – machine (M2M) context. The advanced connectivity of devices aide in automation is possible in nearly all field. Everyone today is so busy in their lives; even they forget to take care of their health. By keeping all these things in minds, technology really proves to be an asset for an individual. With the advancement in technology, lots of smart or medical sensors came into existence that continuously analyzes individual patient activity and automatically predicts a heart attack before the patient feels sick.


2021 ◽  
Author(s):  
Jim Scheibmeir ◽  
Yashwant K. Malaiya

Abstract The Internet of Things technology offers convenience and innovation in areas such as smart homes and smart cities. Internet of Things solutions require careful management of devices and the risk mitigation of potential vulnerabilities within cyber-physical systems. The Internet of Things concept, its implementations, and applications are frequently discussed on social media platforms. This article illuminates the public view of the Internet of Things through a content-based analysis of contemporary conversations occurring on the Twitter platform. Tweets can be analyzed with machine learning methods to converge the volume and variety of conversations into predictive and descriptive models. We have reviewed 684,503 tweets collected in a two-week period. Using supervised and unsupervised machine learning methods, we have identified interconnecting relationships between trending themes and the most mentioned industries. We have identified characteristics of language sentiment which can help to predict popularity within the realm of IoT conversation. We found the healthcare industry as the leading use case industry for IoT implementations. This is not surprising as the current Covid-19 pandemic is driving significant social media discussions. There was an alarming dearth of conversations towards cybersecurity. Only 12% of the tweets relating to the Internet of Things contained any mention of topics such as encryption, vulnerabilities, or risk, among other cybersecurity-related terms.


Sign in / Sign up

Export Citation Format

Share Document