
Algorithm Design For Network Traffic-Oriented Malware Detection In IoT

Posted on: 2023-03-22
Degree: Master
Type: Thesis
Country: China
Candidate: W W Wang
Full Text: PDF
GTID: 2568306620956009
Subject: Software engineering
Abstract/Summary:
While the Internet of Things (IoT) has grown rapidly in recent years, there has also been a significant increase in attacks on IoT infrastructure, applications and end devices. Malware, as the most significant threat in IoT, often leads to problems such as personal privacy data leakage, botnet attacks targeting IoT devices, etc. Designing an effective malware detection mechanism is of great significance and value in securing the IoT. Since the Microsoft Malware Detection Challenge competition in 2015, artificial-intelligence-oriented malware detection techniques have made significant progress, and detection accuracy is becoming increasingly saturated. Based on the features used to train a detection model, existing approaches to malware detection can be grouped into two categories: static feature-based detection and dynamic feature-based detection.

Unlike the existing mainstream technologies for malware detection, malware detection in IoT is still in its infancy. As the main means of malware detection in IoT, artificial-intelligence-powered detection mechanisms still need to address the following issues: (1) Existing models are computationally intensive and costly due to complex sample collection, feature engineering, and model training, so they are not suitable for installation and deployment on IoT terminal devices. (2) Existing models are mostly based on supervised learning with a large number of labeled malware samples; however, many adversarial attacks have been proposed against such supervised learning models, and the resulting adversarial samples cannot be effectively detected by most existing models. (3) IoT malware, represented by Mirai, is characterized by attack features contained in the network packets generated by its attacks, so detection models trained on malicious samples with known "labels" cannot effectively detect such attacks.

To address the above issues, this thesis analyses the IoT and its representative malware. With the goal of improving the performance of malware detection in IoT and enhancing the robustness of the detection model, this thesis proposes effective solutions from three points. (1) The end-to-end MalConv model is first improved by optimizing and redesigning the convolutional structure and reducing the number of parameters in the convolution process to approximately one-thirteenth of the original model. The improved model can be installed on and adapted to IoT terminal devices while achieving detection accuracy comparable to the original MalConv model. (2) In view of the typical botnet attacks and Distributed Denial-of-Service (DDoS) attacks in IoT, a malicious traffic detection mechanism based on the Bi-LSTM (Bidirectional Long Short-Term Memory) model is designed and implemented around the attack characteristics, which are mainly expressed in network traffic. The experimental results show that the model achieves 99.54% detection accuracy, which is higher than other models for malicious traffic detection. Further experiments were conducted to analyze the relationship between important features and network communication traffic. By quantitatively analyzing the features that have a significant impact on the results of the Bi-LSTM model, we found two key features for detecting malicious traffic in the IoT: connection records and the size of the response packet in bytes. (3) To enhance the robustness of the detection model, the improved MalConv model and the Bi-LSTM model were integrated by defining a weighted objective function, taking both malware and malicious traffic as inputs. The experimental results show that the integrated model achieves an accuracy higher than 95%, and that it is more robust in detecting adversarial malware samples, with an evasion rate lower than 10%.
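The integration idea in point (3) can be pictured with a small decision-level fusion experiment. The following is an added example and not code from the thesis: the byte-level scores, the flow records, the threshold-based traffic scorer standing in for the Bi-LSTM, the 0.5/0.5 weights and the evasion-rate definition are all constructed assumptions. The thesis itself combines the two models through a weighted objective function at training time; this example approximates that by weighting the two models' output scores, which is enough to show why traffic features (connection records and response bytes) help against samples that evade a byte-level model.

```python
"""Added illustration of point (3): fusing a byte-level (MalConv-style) detector with a
traffic-level detector and measuring accuracy and evasion rate on constructed samples.
Not the thesis's code; all scores, flow records and weights are assumptions."""
from dataclasses import dataclass
from typing import List, NamedTuple, Tuple


class Flow(NamedTuple):
    """One constructed connection record: destination, port and response bytes."""
    dst: str
    dport: int
    resp_bytes: int


@dataclass
class Sample:
    name: str
    label: int                 # ground truth: 1 = malicious, 0 = benign (constructed)
    payload_score: float       # hypothetical byte-level model output in [0, 1]
    flows: List[Flow]          # constructed flow records observed for the sample
    adversarial: bool = False  # True if the binary was perturbed to evade the byte model


def traffic_features(flows: List[Flow]) -> Tuple[int, float]:
    """The two key features the abstract names: number of connection records and
    response size in bytes (summarised here as the mean over the flows)."""
    n_conn = len(flows)
    mean_resp = sum(f.resp_bytes for f in flows) / n_conn if n_conn else 0.0
    return n_conn, mean_resp


def traffic_score(flows: List[Flow], conn_cap: int = 20, small_resp: int = 100) -> float:
    """Hypothetical stand-in for the Bi-LSTM traffic model: many connection records
    that each draw little or no response look like scanning/flooding behaviour."""
    n_conn, mean_resp = traffic_features(flows)
    conn_component = min(n_conn / conn_cap, 1.0)          # saturates at conn_cap flows
    resp_component = 1.0 if mean_resp < small_resp else 0.0
    return 0.5 * conn_component + 0.5 * resp_component


def fused_score(payload: float, traffic: float, w_payload: float, w_traffic: float) -> float:
    """Decision-level weighted combination of the two detectors (assumed form; the thesis
    applies the weighting in the training objective instead)."""
    if abs(w_payload + w_traffic - 1.0) > 1e-9:
        raise ValueError("weights must sum to 1")
    return w_payload * payload + w_traffic * traffic


def classify(s: Sample, w_payload: float, w_traffic: float, threshold: float = 0.5) -> int:
    score = fused_score(s.payload_score, traffic_score(s.flows), w_payload, w_traffic)
    return int(score >= threshold)


def evaluate(samples: List[Sample], w_payload: float, w_traffic: float) -> Tuple[float, float]:
    """Return (accuracy over all samples, evasion rate over adversarial samples), where
    evasion rate is the fraction of adversarial malware classified as benign."""
    preds = {s.name: classify(s, w_payload, w_traffic) for s in samples}
    accuracy = sum(preds[s.name] == s.label for s in samples) / len(samples)
    adv = [s for s in samples if s.adversarial]
    evasion = sum(preds[s.name] == 0 for s in adv) / len(adv) if adv else 0.0
    return accuracy, evasion


def flood(n: int, resp: int) -> List[Flow]:
    """Constructed: n flows to distinct hosts on port 23, each with `resp` response bytes."""
    return [Flow(f"10.0.0.{i}", 23, resp) for i in range(1, n + 1)]


# Constructed evaluation set. The adversarial samples have a suppressed payload score
# (the byte model was evaded) but unchanged network behaviour.
SAMPLES = [
    Sample("benign-update", 0, 0.10, [Flow("203.0.113.5", 443, 1500),
                                      Flow("203.0.113.5", 443, 2400),
                                      Flow("203.0.113.9", 443, 900)]),
    Sample("benign-sync", 0, 0.20, [Flow("198.51.100.7", 443, 800)] * 5),
    Sample("bot-plain", 1, 0.90, flood(40, 0)),
    Sample("bot-adv-1", 1, 0.20, flood(40, 0), adversarial=True),
    Sample("bot-adv-2", 1, 0.30, flood(30, 40), adversarial=True),
]

if __name__ == "__main__":
    print("payload only :", evaluate(SAMPLES, 1.0, 0.0))   # (0.6, 1.0)
    print("fused 0.5/0.5:", evaluate(SAMPLES, 0.5, 0.5))   # (1.0, 0.0)
```

Run as a script it prints the two metric pairs: with payload-only weighting the two perturbed samples are classified benign (evasion rate 1.0), while the fused score still flags them because the connection count and response sizes are not affected by changes to the binary. In a real deployment the weights and threshold would be fitted on held-out data rather than set by hand, and the traffic scorer would be the trained sequence model rather than a threshold rule.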
Keywords/Search Tags: Malware detection, Malicious traffic detection, Internet of Things, Model integration, Adversarial attacks