Improving Robustness in IoT Malware Detection through Execution Order Analysis
Article No.: 4, Pages 1 - 17
Abstract
The rapid expansion of the Internet of Things (IoT) has significantly increased the prevalence of malware targeting IoT devices. Although machine learning models offer promising solutions for automatic malware detection, they are increasingly vulnerable to adversarial attacks. These attacks exploit the model’s feedback loop to iteratively refine malware, producing adversarial samples that evade detection. As such, enhancing the robustness of these models is of paramount importance. Our research introduces a novel approach to bolster malware detection by retaining additional semantic information within the execution order analysis of malware programs. The method significantly improves the resilience of detection models against adversarial samples and implements two adversarial attack methods to rigorously test our model’s robustness by generating authentic adversarial examples for validation. We highlight the critical impact of preserving semantic integrity in malware detection and present a solution to counteract the growing threat of adversarial attacks in IoT environments.
References
[1]
[n.d.]. Angr. Retrieved October 9, 2023 from https://angr.io/
[2]
[n.d.]. Execution Order Analysis Dataset. Retrieved Dec. 10th, 2023 from https://gitlab.com/Gao-Yu/execution-order-analysis-dataset
[3]
[n.d.]. Malware AV-TEST. Retrieved January 5, 2024 from https://www.av-test.org/en/statistics/malware/
[4]
[n.d.]. VirusTotal. Retrieved January 2, 2024 from https://www.virustotal.com/gui/intelligence-overview
[5]
Haisal Dauda Abubakar, Mahmood Umar, and Muhammad Abdullahi Bakale. 2022. Sentiment classification: Review of text vectorization methods: Bag of words, Tf-Idf, Word2vec and Doc2vec. SLU Journal of Science and Technology 4, 1--2 (2022), 27–33.
[6]
Ahmed Abusnaina, Aminollah Khormali, Hisham Alasmary, Jeman Park, Afsah Anwar, and Aziz Mohaisen. 2019. Adversarial learning attacks on graph-based IoT malware detection systems. In Proceedings of the 2019 IEEE 39th ICDCS. 1296–1305.
[7]
Hisham Alasmary, Aminollah Khormali, Afsah Anwar, Jeman Park, Jinchun Choi, Ahmed Abusnaina, Amro Awad, Daehun Nyang, and Aziz Mohaisen. 2019. Analyzing and detecting emerging Internet of Things malware: A graph-based approach. IEEE Internet of Things Journal 6, 5 (2019), 8977–8988.
[8]
Tristan Bilot, Nour El Madhoun, Khaldoun Al Agha, and Anis Zouaoui. 2024. A survey on malware detection with graph representation learning. ACM Computing Surveys 56, 11 (2024).
[9]
Tom B. Brown, Benjamin Mann, Nick Ryder, Melanie Subbiah, Jared Kaplan, Prafulla Dhariwal, Arvind Neelakantan, Pranav Shyam, Girish Sastry, Amanda Askell, Sandhini Agarwal, Ariel Herbert-Voss, Gretchen Krueger, Tom Henighan, Rewon Child, Aditya Ramesh, Daniel M. Ziegler, Jeffrey Wu, Clemens Winter, Christopher Hesse, Mark Chen, Eric Sigler, Mateusz Litwin, Scott Gray, Benjamin Chess, Jack Clark, Christopher Berner, Sam McCandlish, Alec Radford, Ilya Sutskever, and Dario Amodei. 2020. Language models are few-shot learners. Advances in Neural Information Processing Systems 33, Article No. 159 (2020), 1877–1901.
[10]
Lei Cui, Jiancong Cui, Yuede Ji, Zhiyu Hao, Lun Li, and Zhenquan Ding. 2023. API2Vec: Learning representations of API sequences for malware detection. In Proceedings of the 32nd ACM SIGSOFT International Symposium on Software Testing and Analysis. 261–273.
[11]
Luca Demetrio, Battista Biggio, Giovanni Lagorio, Fabio Roli, and Alessandro Armando. 2021. Functionality-preserving black-box optimization of adversarial windows malware. IEEE Transactions on IFS 16 (2021), 3469–3478.
[12]
Jacob Devlin. 2019. BERT: Pre-training of deep bidirectional transformers for language understanding. In Proceedings of the NAACL-HLT 2019. 4171--4186.
[13]
Mohammadreza Ebrahimi, Ning Zhang, James Hu, Muhammad Taqi Raza, and Hsinchun Chen. 2020. Binary black-box evasion attacks against deep learning-based static malware detectors with adversarial byte-level language model. arXiv:2012.07994. Retrieved from https://arxiv.org/abs/2012.07994
[14]
Ruitao Feng, Sen Li, Sen Chen, Mengmeng Ge, Xuewei Li, and Xiaohong Li. 2024. Unmasking the lurking: Malicious behavior detection for IoT malware with multi-label classification. In Proceedings of the 25th ACM SIGPLAN/SIGBED International Conference on Languages, Compilers, and Tools for Embedded Systems. 95–106.
[15]
Ian Goodfellow, Jean Pouget-Abadie, Mehdi Mirza, Bing Xu, David Warde-Farley, Sherjil Ozair, Aaron Courville, and Yoshua Bengio. 2020. Generative adversarial networks. Communications of the ACM 63, 11 (2020), 139–144.
[16]
Sibel Gülmez and Ibrahim Sogukpinar. 2021. Graph-based malware detection using opcode sequences. In Proceedings of the 2021 9th ISDFS. 1–5.
[17]
Ishita Gupta, Sneha Kumari, Priya Jha, and Mohona Ghosh. 2024. Leveraging LSTM and GAN for modern malware detection. Retrieved from https://arxiv.org/abs/2405.04373
[18]
Jerome Dinal Herath, Priti Prabhakar Wakodikar, Ping Yang, and Guanhua Yan. 2022. CFGExplainer: Explaining graph neural network-based malware classification from control flow graphs. In Proceedings of the IEEE/IFIP International Conference on DSN.
[19]
Junguang Jiang, Yang Shu, Jianmin Wang, and Mingsheng Long. 2022. Transferability in deep learning: A survey. Retrieved from https://arxiv.org/abs/2201.05867
[20]
Mahmoud Kalash, Mrigank Rochan, Noman Mohammed, Neil D. B. Bruce, Yang Wang, and Farkhund Iqbal. 2018. Malware classification with deep convolutional neural networks. In Proceedings of the IFIP on NTMS. 1–5.
[21]
Y.-T. Lee, T. Ban, T.-L. Wan, S.-M. Cheng, R. Isawa, T. Takahashi, and D. Inoue. 2020. Cross platform IoT-malware family classification based on printable strings. In Proceedings of the IEEE TrustCom 2020. 775–784.
[22]
Liang-Bo Ouyang. 2021. Robustness Evaluation of Graph-based Malware Detection Using Code-level Adversarial Attack with Explainability. Master. NTUST, Taipei, Taiwan.
[23]
Fabio Pierazzi, Feargus Pendlebury, Jacopo Cortellazzi, and Lorenzo Cavallaro. 2020. Intriguing properties of adversarial ml attacks in the problem space. In Proceedings of the 2020 IEEE Symposium on SP. 1332–1349.
[24]
Edward Raff, Jon Barker, Jared Sylvester, Robert Brandon, Bryan Catanzaro, and Charles Nicholas. 2018. Malware detection by eating a whole EXE. In Proceedings of the AAAI 2018.
[25]
Colin Raffel, Noam Shazeer, Adam Roberts, Katherine Lee, Sharan Narang, Michael Matena, Yanqi Zhou, Wei Li, and Peter J. Liu. 2020. Exploring the limits of transfer learning with a unified text-to-text transformer. The Journal of Machine Learning Research 21, 1 (2020), 5485–5551.
[26]
Tina Rezaei and Ali Hamze. 2020. An efficient approach for malware detection using PE header specifications. In Proceedings of the IEEE on ICWR 2020. 234–239.
[27]
Ramesh Kumar Sah and Hassan Ghasemzadeh. 2024. Adversarial transferability in embedded sensor systems: An activity recognition perspective. ACM Trans. Embed. Comput. Syst. 23, 2 (2024), 31 pages. DOI:
[28]
Ashish Vaswani, Noam Shazeer, Niki Parmar, Jakob Uszkoreit, Llion Jones, Aidan N. Gomez, Łukasz Kaiser, and Illia Polosukhin. 2017. Attention is all you need. In Proceedings of 31st Conference on Neural Information Processing Systems (NIPS'17). 6000--6010.
[29]
Devyani Vij, Vivek Balachandran, Tony Thomas, and Roopak Surendran. 2020. GRAMAC: A graph based Android malware classification mechanism. In Proceedings of the 10th ACM CODASPY. 156–158.
[30]
Xiao-Wang Wu, Yan Wang, Yong Fang, and Peng Jia. 2022. Embedding vector generation based on function call graph for effective malware detection and classification. Neural Computing & Applications 34 (2022), 8643--8656. DOI:
[31]
Keyulu Xu, Weihua Hu, Jure Leskovec, and Stefanie Jegelka. 2018. How powerful are graph neural networks? In Proceedings of the International Conference on Learning Representations. Retrieved from https://openreview.net/forum?id=ryGs6iA5Km
[32]
Senming Yan, Jing Ren, Wei Wang, Limin Sun, Wei Zhang, and Quan Yu. 2023. A survey of adversarial attack and defense methods for malware classification in cyber security. IEEE Communications Surveys and Tutorials 25, 1 (2023), 467–496.
[33]
Chun Yang, Jinghui Xu, Shuangshuang Liang, Yanna Wu, Yu Wen, Boyang Zhang, and Dan Meng. 2021. DeepMal: Maliciousness-Preserving adversarial instruction learning against static malware detection. Cybersecurity 4, Article No. 16 (2021), 1–14.
[34]
Chi-Hsin Yang. 2022. An Imperceptible Adversarial Attack on Structure-Based Malware Detectors. Master. NTUST, Taipei, Taiwan.
[35]
Zikai Zhang, Yidong Li, Wei Wang, Haifeng Song, and Hairong Dong. 2022. Malware detection with dynamic evolving graph convolutional networks. International Journal of Intelligent Systems 37 (March 2022), 7261–7280.
Index Terms
- Improving Robustness in IoT Malware Detection through Execution Order Analysis
Recommendations
Exploiting Windows PE Structure for Adversarial Malware Evasion Attacks
CODASPY '23: Proceedings of the Thirteenth ACM Conference on Data and Application Security and PrivacyThe last decade has seen phenomenal growth in the application of machine learning. At this point, it won't be wrong to claim that most technological change is directly or indirectly connected to machine learning. Along with machine learning, cyber-...
Machine/Deep Learning for obfuscated malware Detection
ICFNDS '23: Proceedings of the 7th International Conference on Future Networks and Distributed SystemsThe protection of digital systems and sensitive data has become paramount due to the appearance of new intelligent cybersecurity threats. The landscape of cyber threats is constantly evolving, becoming more sophisticated and diverse by the day. This ...
Adversarial attacks against Windows PE malware detection: A survey of the state-of-the-art
AbstractMalware has been one of the most damaging threats to computers that span across multiple operating systems and various file formats. To defend against ever-increasing and ever-evolving malware, tremendous efforts have been made to propose a ...
Comments
Please enable JavaScript to view thecomments powered by Disqus.Information & Contributors
Information
Published In
Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than the author(s) must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected].
Publisher
Association for Computing Machinery
New York, NY, United States
Journal Family
Publication History
Published: 26 September 2024
Online AM: 26 August 2024
Accepted: 29 July 2024
Revised: 28 July 2024
Received: 07 January 2024
Published in TECS Volume 24, Issue 1
Check for updates
Author Tags
Qualifiers
- Research-article
Funding Sources
- National Science and Technology Council (NSTC), Taiwan
Contributors
Other Metrics
Bibliometrics & Citations
Bibliometrics
Article Metrics
- 0Total Citations
- 172Total Downloads
- Downloads (Last 12 months)172
- Downloads (Last 6 weeks)77
Reflects downloads up to 12 Nov 2024
Other Metrics
Citations
View Options
Get Access
Login options
Check if you have access through your login credentials or your institution to get full access on this article.
Sign in