The International Arab Journal of Information Technology (IAJIT)



Multichannel Based IoT Malware Detection System Using System Calls and Opcode Sequences

The rapid development of the Internet of Things (IoT) has given rise to many malicious attacks, since it holds many smart objects that lack an efficient security framework. Such security issues can bring all smart objects connected to the network to a complete halt. In this work, a multichannel Convolutional Neural Network (CNN) is proposed in which each channel's CNN works on one type of input parameter. The model has two channels connected in parallel, with one CNN taking an opcode sequence as input and the other CNN running on system calls. The system calls and opcode sequences extracted from ELF files were classified using multichannel CNN along with two more deep learning algorithms, namely Recurrent Neural Network (RNN) and CNN, and a few recent existing solutions. The performance of these algorithms was evaluated using accuracy, precision, recall, F1-measure, and time. The experimental results show that multichannel CNN outperforms the other considered techniques, achieving a high accuracy of 99.8% in classifying malicious samples from benign ones. The real-time IoT malware samples were collected from the IoT honeypot (IOTPOT), which emulates different CPU architectures of IoT devices.
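The two-channel data flow described in the abstract, as an added example that is not the authors' code: each channel embeds its own token sequence, applies a 1D convolution with global max pooling, and the pooled features are concatenated before a sigmoid score. The hyperparameters, class and function names, sample sequences and the untrained random weights are all assumptions made for illustration; only the standard library is used.

```python
import math
import random

MAX_LEN, EMB, FILTERS, KERNEL = 16, 8, 4, 3  # assumed hyperparameters, not from the paper

def build_vocab(tokens):
    # Token -> id; 0 is reserved for padding and 1 for unseen tokens.
    return {tok: i + 2 for i, tok in enumerate(sorted(set(tokens)))}

def encode(tokens, vocab):
    # Map a sequence to exactly MAX_LEN integer ids, truncating or zero-padding.
    ids = [vocab.get(tok, 1) for tok in tokens][:MAX_LEN]
    return ids + [0] * (MAX_LEN - len(ids))

class Channel:
    """One CNN channel: embedding -> 1D convolution + ReLU -> global max pooling."""
    def __init__(self, vocab, rng):
        self.vocab = vocab
        self.emb = [[rng.gauss(0, 0.1) for _ in range(EMB)] for _ in range(len(vocab) + 2)]
        self.emb[0] = [0.0] * EMB  # padding contributes nothing to the convolution
        self.filters = [[[rng.gauss(0, 0.1) for _ in range(EMB)] for _ in range(KERNEL)]
                        for _ in range(FILTERS)]

    def forward(self, tokens):
        x = [self.emb[i] for i in encode(tokens, self.vocab)]
        pooled = []
        for w in self.filters:
            acts = [sum(w[k][e] * x[t + k][e] for k in range(KERNEL) for e in range(EMB))
                    for t in range(MAX_LEN - KERNEL + 1)]
            pooled.append(max(0.0, max(acts)))  # ReLU, then max over positions
        return pooled

class MultichannelCNN:
    """Two parallel channels whose pooled features are concatenated and scored."""
    def __init__(self, opcode_vocab, syscall_vocab, seed=0):
        rng = random.Random(seed)  # untrained random weights: shows data flow only
        self.opcode_ch = Channel(opcode_vocab, rng)
        self.syscall_ch = Channel(syscall_vocab, rng)
        self.w_out = [rng.gauss(0, 0.1) for _ in range(2 * FILTERS)]

    def features(self, opcodes, syscalls):
        return self.opcode_ch.forward(opcodes) + self.syscall_ch.forward(syscalls)

    def predict_proba(self, opcodes, syscalls):
        z = sum(w * f for w, f in zip(self.w_out, self.features(opcodes, syscalls)))
        return 1.0 / (1.0 + math.exp(-z))  # sigmoid score for the malicious class

# Constructed sample sequences (not taken from the paper's dataset).
OPCODES = ["push", "mov", "ldr", "bl", "cmp", "bne", "pop"]
SYSCALLS = ["socket", "connect", "write", "read", "close"]
```

Because the weights are random, the score carries no meaning until the model is trained; the block shows how the opcode and system call channels stay independent until the concatenation step.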


The International Arab Journal of Information Technology, Vol. 19, No. 2, March 2022

Shobana Manoharan is a research scholar in the Department of Computer Science and Engineering at Rajalakshmi Engineering College. Her research interests include network security, IoT, outlier mining, artificial intelligence, and NLP. She has published 10 technical papers in international journals and conferences. She holds lifetime membership in IAENG, SDIWC, and SEEE.

Poonkuzhali Sugumaran, Professor in the Department of Computer Science and Engineering and Head of the Centre for Assistive Devices and Technologies, has been with Rajalakshmi Engineering College since August 2000. Her areas of specialization are Web Mining, Outlier Mining, Information Retrieval, Knowledge Management, Big Data Analytics and E-Learning. She has authored 6 textbooks and published more than 75 papers in various reputed conferences and international journals. She has received 6 Best Paper Awards for oral paper presentation and the International Paper Presenter Award from the Computer Society of India. She does consultancy work for Sentinel Radiologist Solutions and the Skill Council for Person with Disability.

Kishore Kumar is an Artificial Intelligence (AI) Engineer at VisioNxt, a Mega Project under the R&D Division of the Ministry of Textiles. He completed his doctoral studies (PhD) in the Department of Computer Science and Engineering, Indian Institute of Technology Kharagpur, West Bengal. His areas of specialization are Computer Vision, Speech Processing, Web Service Security, Web Mining, and Information Retrieval. He has published more than 10 papers in various reputed conferences and international journals. He has received one Best Paper Award for oral paper presentation. He received grants from the Tamil Nadu State Council for Science and Technology for the oral presentation of papers at an international conference. He is a reviewer for the Neural Processing Letters journal.