Recently, the Internet of Things (IoT) has grown wider, adopted many features from social networks, and come to rely mainly on sensing-device technologies, causing a rapid increase in production and adoption. However, security and privacy are serious threats, and users usually take precautions to protect their devices and information. Thus, understanding the security shortcomings at the first stage will educate IoT users to protect their connected things. Understanding IoT software through analysis, comparison (with other types of malware), and detection (from benign IoT software) is essential to mitigating security threats. We focus on two central perspectives: the graph and string representations of the software, typically extracted from the software binaries. First, we conduct a comparative study of Android and IoT malware through the lens of graph measurements. We construct the abstract structures of the malware, using Control Flow Graphs (CFGs) to represent malware binaries, and use them to conduct an in-depth analysis of malicious graphs. Machine Learning (ML) algorithms are actively used in detecting and classifying malicious software. Toward detection, we use the different CFG-based features mentioned above, augment them with CFGs of the benign dataset, and build a detection system. Furthermore, we classify the IoT malware into their corresponding families. However, adversarial ML attacks on malware detectors have been proposed in the literature. For example, Adversarial Examples (AEs) on the CFG can be generated by applying small perturbations to the graph features that force the model into misclassification. Thus, we propose Soteria, a CFG-based AE detector that uses deep learning with random walks to construct in-depth features. Moreover, we detect malicious shell commands by extracting and analyzing the malicious commands of IoT malware. We utilize Natural Language Processing (NLP) for feature generation, followed by a deep learning model to detect malicious commands, hence detecting malware samples.
Doctor of Philosophy (Ph.D.)
College of Engineering and Computer Science
Doctoral Dissertation (Campus-only Access)
Alasmary, Hisham, "Analyzing and Detecting Internet of Things Malware Using Residual Static Graph- and String-Based Artifacts" (2020). Electronic Theses and Dissertations, 2020-. 7.