The International Arab Journal of Information Technology (IAJIT)


Multichannel Based IoT Malware Detection System Using System Calls and Opcode Sequences

The rapid development in the field of the Internet of things gives rise to many malicious attacks, since it holds many smart objects whose lack of an efficient security framework. These kinds of security issues bring the entire halt-down situation to all smart objects that are connected to the network. In this work, multichannel Convolutional Neural Network (CNN) is proposed whereas each channel’s CNN works on each type of input parameter. This model has two channels connected in a parallel manner, with one CNN taking an opcode sequence as input and the other CNN running with system calls. These extracted system calls and opcode sequences of elf files were discriminated against using two more deep learning algorithms along with multichannel CNN, namely Recurrent Neural Network (RNN) and CNN, and a few recent existing solutions. The performance analysis of the aforementioned algorithms has been carried out and evaluated using accuracy, precision, recall, F1-measure, and time. The experimental results show that multichannel CNN outperforms the remaining considered techniques by achieving a high accuracy of 99.8% for classifying malicious samples from benign ones. The real-time Internet of Things (IoT) malware samples were collected from the IoT honeyPot (IOTPOT), which emulates different CPU architectures of IoT devices.

[1] Azmoodeh A., Dehghantanha A., and Choo K., “Robust Malware Detection for Internet of (Battlefield) Things Devices Using Deep Eigenspace Learning” IEEE Transactions on Sustainable Computing, vol. 4, no.1, pp. 88-95, 2018.

[2] Abbas M. and Srikanthan T., “Low-Complexity Signature-Based Malware Detection for Iot Devices,” in Proceedings of International Conference on Applications and Techniques in Information Security, Nanning, pp. 181-189, 2018.

[3] Antonakakis M., April T., Bailey M., Bernhard M., Bursztein E., Cochran J., Durumeric Z., Halderman J., Invernizzi L., Kallitsis M., Kumar D., Lever C., Ma Z., Mason J., Menscher D., Seaman C., Sullivan N., Thomas K., and Zhou Y., “Understanding the Mirai Botnet,” in Proceedings of the 26th USENIX Security Symposium, pp. 1093-1110, 2017.

[4] An N., Duff A., Naik G., Faloutsos M., Weber S., and Mancoridis S., “Behavioral Anomaly Detection of Malware on Home Routers”, in Proceedings of 12th International Conference on 270 The International Arab Journal of Information Technology, Vol. 19, No. 2, March 2022 Malicious and Unwanted Software (MALWARE), Fajardo, pp. 47-54, 2017.

[5] An N., Duff A., Noorani M., Weber S., and Mancoridis S., “Malware Anomaly Detection on Virtual Assistants,” in Proceedings of 13th International Conference on Malicious and Unwanted Software (MALWARE), Nantucket, pp. 124-131, 2018.

[6] Breitenbacher D., Homoliak I., Aung Y., Tippenhauer N., and Elovici Y., “HADES-Iot: A Practical Host-Based Anomaly Detection System for Iot Devices,” in Proceedings of the ACM Asia Conference on Computer and Communications Security, New York, pp. 479-484, 2019.

[7] Darabian H., Dehghantanha A., Hashemi S., Homayoun S., and Choo K., “An Opcod-Based Technique for Polymorphic Internet of Things Malware Detection” Concurrency and Computation: Practice and Experience, vol. 32, no. 6, pp. e5173, 2020.

[8] Devarajan R. and Rao P., “An Efficient Intrusion Detection System By Using Behaviour Profiling and Statistical Approach Model,” The International Arab Journal of Information Technology, vol. 18, no. 1, pp. 114-124, 2021.

[9] Fleshman W., Raff E., Zak R.., McLean M., and Nicholas C., “Static Malware Detection and Subterfuge: Quantifying the Robustness of Machine Learning and Current Anti-Virus,” in Proceedings of 13th International Conference on Malicious and Unwanted Software (MALWARE), Nantucket, pp. 1-10, 2018.

[10] Gerber A. and Romeo J., “Connecting all the Things in The Internet of Things,” IBM Corporation, pp. 1-10, 2017.

[11] HaddadPajouh H., Dehghantanha A., Khayami R., and Choo K., “A Deep Recurrent Neural Network Based Approach for Internet of Things Malware Threat Hunting,” Future Generation Computer Systems, vol. 85, pp. 88-96, 2018.

[12] Hou S., Saas A., Chen L., and Ye Y., “Deep4maldroid: A Deep Learning Framework for Android Malware Detection Based on Linux Kernel System Call Graph,” in Proceedings of IEEE/WIC/ACM International Conference on Web Intelligence Workshops (WIW), Omaha, pp. 104-111, 2016.

[13] Iwendi C., Jalil Z., Javed A., Reddy T., Kaluri R., Srivastava G., and Jo O., “Keysplitwatermark: Zero Watermarking Algorithm for Software Protection Against Cyber-Attacks,” IEEE Access, vol. 8, pp. 72650-72660, 2020.

[14] Jeon J., Park J., and Jeong Y., “Dynamic Analysis for Iot Malware Detection with Convolution Neural Network Model,” IEEE Access, vol. 8, pp. 96899-96911, 2020.

[15] Khater B., Wahab A., Idris M., Hussain M., and Ibrahim A., “A Lightweight Perceptron-Based Intrusion Detection System for Fog Computing,” Applied Sciences, vol. 9, no.1, pp. 178, 2019.

[16] Kolosnjaji B., Zarras A., Webster G., and Eckert C.,“ Deep Learning for Classification of Malware System Call Sequences” in Proceedings of Australasian Joint Conference on Artificial Intelligence, Hobart, pp. 137-149, 2016.

[17] Khan M. and Salah K., “Iot Security: Review, Blockchain Solutions, and Open Challenges,” Future Generation Computer Systems, vol. 82, pp. 395-411, 2018.

[18] Kim T., Kang B., Rho M., Sezer S., and Im E., “A Multimodal Deep Learning Method for Android Malware Detection using Various Features,” IEEE Transactions on Information Forensics and Security, vol. 14, no. 3, pp. 773- 788, 2018.

[19] Mishra P., Khurana K., Gupta S., and Sharma M., “VMAnalyzer: Malware Semantic Analysis using Integrated CNN and Bi-Directional LSTM for Detecting VM-level Attacks in Cloud” in Proceedings of 12th International Conference on Contemporary Computing, Noida, pp. 1-6, 2019.

[20] Pa Y., Suzuki S., Yoshioka K., Matsumoto T., Kasama T., and Rossow C., “Iotpot: A Novel Honeypot for Revealing Current Iot Threat,” Journal of Information Processing, vol. 24, pp. 522-533, 2016.

[21] Shobana M. and Poonkuzhali S., “A Novel Approach to Detect Iot Malware By System Calls Using Deep Learning Techniques,” in Proceedings of International Conference on Innovative Trends in Information Technology, Kottayam, pp. 1-5, 2020.

[22] Vinayakumar R., Alazab M., Soman K., Poornachandran P., Al-Nemrat A and Venkatraman S., “Deep Learning Approach for Intelligent Intrusion Detection System” IEEE Access, vol. 7, pp. 41525-41550, 2019.

[23] Xiao X., Zhang S., Mercaldo F., Hu G., and Sangaiah A., “Android Malware Detection Based on System Call Sequences and LSTM” Multimedia Tools and Applications, vol. 78, pp. 3979-3999, 2019.

[24] Yang Y., Wu L., Yin G., Li L., and Zhao H., “A Survey on Security and Privacy Issues in the Internet-of-Things,” IEEE Internet of Things Journal, vol. 4, no. 5, pp. 1250-1258, 2017.

[25] Zielonka A., Wo┼║niak M., Garg S., Kaddoum G., Piran M., and Muhammad G., “Smart Homes: How Much Will They Support Us? A Research On Recent Trends And Advances,” IEEE Access, vol. 9, pp. 26388-26419, 2021.