Technique for IoT malware detection based on control flow graph analysis

Kira Bobrovnikova, Sergii Lysenko, Bohdan Savenko, Piotr Gaj, Oleg Savenko

Abstract


The Internet of Things (IoT) refers to the millions of devices around the world that are connected to the Internet. Insecure IoT devices designed without proper security features are the targets of many Internet threats. The rapid integration of the Internet into IoT infrastructure in various areas of human activity, including vulnerable critical infrastructure, makes malware detection in the IoT increasingly important. Annual reports from IoT infrastructure cybersecurity companies and antivirus software vendors show an increase in malware attacks targeting IoT infrastructure. This demonstrates the failure of modern methods for detecting malware in the IoT, and there is therefore an urgent need for new approaches to detecting IoT malware and protecting IoT devices from IoT malware attacks. The subject of the research is the malware detection process in the IoT. This study aims to develop a technique for malware detection based on control flow graph analysis.

Results. This paper presents a new approach for IoT malware detection based on control flow graph analysis. Control flow graphs are built for suspicious IoT applications. The control flow graph is represented as a directed graph that contains information about the components of the suspicious program and the transitions between them. Metrics that describe the structure of the program can be extracted from the control flow graph. Because IoT applications are small, owing to the simplicity and limitations of the IoT operating system environment, malware detection based on control flow graph analysis appears feasible in the IoT environment. To analyze the behavior of an IoT application, an action graph is built for each control flow graph. It shows an abstract graph and a description of the program. Based on the action graph, a sequence is formed for each IoT application, which makes it possible to define the program's behavior. Thus, to detect IoT malware, two malware detection models are used, based on control flow graph metrics and on action sequences. Because the approach analyzes both the overall structure and the behavior of each application, it achieves high malware detection accuracy. The proposed approach can detect unknown IoT malware that is a modified version of known IoT malware. A set of machine learning classifiers was employed to decide whether malware is present. The experimental results demonstrated high accuracy of IoT malware detection.

Conclusions. A new technique for IoT malware detection based on control flow graph analysis has been developed. It can detect IoT malware with high efficiency.
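The following added example (not code from the paper) shows how structural metrics can be extracted from a control flow graph held as a directed adjacency mapping, giving a feature dictionary of the kind a classifier could consume. The abstract does not list the metrics the authors use, so the metric set, the function names and the constructed `SAMPLE_CFG` are assumptions made for illustration.

```python
# Constructed sample: basic blocks of a hypothetical small IoT binary,
# mapped to their successor blocks (assumed input format, not the paper's).
SAMPLE_CFG = {
    "entry": ["check"],
    "check": ["loop_head", "exit"],
    "loop_head": ["body", "exit"],
    "body": ["send", "loop_head"],   # back edge: body -> loop_head
    "send": ["loop_head"],           # back edge: send -> loop_head
    "exit": [],
    "dead": ["exit"],                # never reached from "entry"
}

def reachable(cfg, entry):
    """Blocks reachable from the entry block (iterative DFS)."""
    seen, stack = set(), [entry]
    while stack:
        node = stack.pop()
        if node not in seen:
            seen.add(node)
            stack.extend(cfg.get(node, []))
    return seen

def back_edges(cfg, entry):
    """Edges whose target is still on the DFS path, i.e. loop edges."""
    state, found = {}, []            # 1 = on current path, 2 = finished
    def visit(node):
        state[node] = 1
        for succ in cfg.get(node, []):
            if state.get(succ) == 1:
                found.append((node, succ))
            elif succ not in state:
                visit(succ)
        state[node] = 2
    visit(entry)
    return found

def cfg_metrics(cfg, entry="entry"):
    """Structural metrics over the part of the CFG reachable from entry."""
    live = reachable(cfg, entry)
    out = {u: cfg.get(u, []) for u in live}
    n, e = len(live), sum(len(s) for s in out.values())
    return {
        "nodes": n,
        "edges": e,
        "cyclomatic": e - n + 2,     # McCabe, one connected component
        "density": e / (n * (n - 1)) if n > 1 else 0.0,
        "max_out_degree": max(len(s) for s in out.values()),
        "branch_blocks": sum(1 for s in out.values() if len(s) > 1),
        "loops": len(back_edges(cfg, entry)),
        "exit_blocks": sum(1 for s in out.values() if not s),
        "unreachable": len(cfg) - n,  # dead or hidden blocks
    }

if __name__ == "__main__":
    print(cfg_metrics(SAMPLE_CFG))
```

Restricting the metrics to blocks reachable from the entry point keeps dead code from skewing the structural features, while the `unreachable` count still records that such blocks exist.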

Keywords


malware; IoT; IoT devices; IoT application; cybersecurity; cyberattack; control flow graph; detection of cyber threats

DOI: https://doi.org/10.32620/reks.2022.1.11
