Abstract
Internet of Things (IoT) has become widely adopted in many fields, including industry, social networks, health care, and smart homes, connecting billions of IoT devices through the internet. Understanding and studying IoT malware through analysis using various approaches, such as Control Flow Graph (CFG)-based features and then applying deep learning detection, are widely explored. In this study, we investigate the robustness of such models against adversarial attacks. Our approach crafts the adversarial IoT software using the Subgraph Embedding and Augmentation (SGEA) method that reduces the embedded size required to cause misclassification. Intensive experiments are conducted to evaluate the performance of the proposed method. We observed that SGEA approach is able to misclassify all IoT malware samples as benign by embedding an average size of 6.8 nodes. This highlights that the current detection systems are prone to adversarial examples attacks; thus, there is a need to build more robust systems to detect such manipulated features generated by adversarial examples.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Similar content being viewed by others
References
Antonakakis, M., et al.: Understanding the Mirai Botnet. In: Proceedings of the 26th USENIX Security Symposium, pp. 1093–1110 (2017)
Azmoodeh, A., Dehghantanha, A., Choo, K.-K.R.: Robust malware detection for Internet of (Battlefield) Things devices using deep eigenspace learning. IEEE Trans. Sustain. Comput. 4, 88–95 (2019)
Mohaisen, A., Alrawi, O., Mohaisen, M.: AMAL: high-fidelity, behavior-based automated malware analysis and classification. Comput. Secur. 52, 251–266 (2015)
Alasmary, H., et al.: Analyzing and detecting emerging Internet of Things malware: a graph-based approach. IEEE Internet Things J. (2019)
Mohaisen, A., Yun, A., Kim, Y.: Measuring the mixing time of social graphs. In: ACM IMC, pp. 383–389 (2010)
Mohaisen, A., Hopper, N., Kim, Y.: Keep your friends close: incorporating trust into social network-based Sybil defenses. In: Proceedings of the 30th IEEE International Conference on Computer Communications, INFOCOM, pp. 1943–1951 (2011)
Ian, C.S., Goodfellow, J., Shlens, J.: Explaining and harnessing adversarial examples. In: International Conference on Learning Representations, pp. 1–11 (2015)
Moosavi-Dezfooli, S., Fawzi, A., Frossard, P.: DeepFool: a simple and accurate method to fool deep neural networks. In: IEEE Conference on Computer Vision and Pattern Recognition, pp. 2574–2582 (2016)
Papernot, N., McDaniel, P.D., Jha, S., Fredrikson, M., Celik, Z.B., Swami, A.: The limitations of deep learning in adversarial settings. In: Proceedings of the IEEE European Symposium on Security and Privacy (EuroS&P), pp. 372–387 (2016)
Grosse, K., Papernot, N., Manoharan, P., Backes, M., McDaniel, P.: Adversarial examples for malware detection. In: Foley, S.N., Gollmann, D., Snekkenes, E. (eds.) ESORICS 2017. LNCS, vol. 10493, pp. 62–79. Springer, Cham (2017). https://doi.org/10.1007/978-3-319-66399-9_4
Abusnaina, A., Khormali, A., Alasmary, H., Park, J., Anwar, A., Mohaisen, A.: Adversarial learning attacks on graph-based IoT malware detection systems. In: 39th IEEE International Conference on Distributed Computing Systems, ICDCS (2019)
Wüchner, T., Ochoa, M., Pretschner, A.: Robust and effective malware detection through quantitative data flow graph metrics. In: Almgren, M., Gulisano, V., Maggi, F. (eds.) DIMVA 2015. LNCS, vol. 9148, pp. 98–118. Springer, Cham (2015). https://doi.org/10.1007/978-3-319-20550-2_6
Caselden, D., Bazhanyuk, A., Payer, M., McCamant, S., Song, D.: HI-CFG: construction by binary analysis and application to attack polymorphism. In: Crampton, J., Jajodia, S., Mayes, K. (eds.) ESORICS 2013. LNCS, vol. 8134, pp. 164–181. Springer, Heidelberg (2013). https://doi.org/10.1007/978-3-642-40203-6_10
Alam, S., Horspool, R.N., Traoré, I., Sogukpinar, I.: A framework for metamorphic malware analysis and real-time detection. Comput. Secur. 48, 212–233 (2015)
Bruschi, D., Martignoni, L., Monga, M.: Detecting self-mutating malware using control-flow graph matching. In: Büschkes, R., Laskov, P. (eds.) DIMVA 2006. LNCS, vol. 4064, pp. 129–143. Springer, Heidelberg (2006). https://doi.org/10.1007/11790754_8
Yan, J., Jin, D., Yan, G.: Classifying malware represented as control flow graphs using deep graph convolutional neural networks. In: IEEE/IFIP DSN, pp. 1–12 (2019)
Antonakakis, M., et al.: From throw-away traffic to bots: Detecting the rise of DGA-based malware. In: Proceedings of the 21th USENIX Security Symposium, pp. 491–506 (2012)
Carlini, N., Wagner, D.A.: Towards evaluating the robustness of neural networks. In: Proceedings of the IEEE Symposium on Security and Privacy, pp. 39–57 (2017)
Khormali, A., Abusnaina, A., Nyang, D., Yuksel, M., Mohaisen, A.: Examining the robustness of learning-based DDoS detection in software defined networks. In: Proceedings of the IEEE Conference on Dependable and Secure Computing, IDSC (2019)
Developers, Radare2 (2019). http://www.radare.org/r/
Thoma, M., et al.: Discriminative frequent subgraph mining with optimality guarantees. Stat. Anal. Data Min. 3(5), 302–318 (2010)
Yan, X., Han, J.: gSpan: graph-based substructure pattern mining. In: Proceedings of the 2002 IEEE International Conference on Data Mining, pp. 721–724 (2002)
Developers, Cyberiocs (2019). https://freeiocs.cyberiocs.pro/
Github (2019). https://github.com/
VirusTotal (2019). https://www.virustotal.com
Sebastián, M., Rivera, R., Kotzias, P., Caballero, J.: AVclass: a tool for massive malware labeling. In: Monrose, F., Dacier, M., Blanc, G., Garcia-Alfaro, J. (eds.) RAID 2016. LNCS, vol. 9854, pp. 230–253. Springer, Cham (2016). https://doi.org/10.1007/978-3-319-45719-2_11
Acknowledgement
This work is supported by NRF grant 2016K1A1A2912757, NVIDIA GPU Grant (2018 and 2019), and a Cyber Florida Seed Grant.
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2019 Springer Nature Switzerland AG
About this paper
Cite this paper
Abusnaina, A., Alasmary, H., Abuhamad, M., Salem, S., Nyang, D., Mohaisen, A. (2019). Subgraph-Based Adversarial Examples Against Graph-Based IoT Malware Detection Systems. In: Tagarelli, A., Tong, H. (eds) Computational Data and Social Networks. CSoNet 2019. Lecture Notes in Computer Science(), vol 11917. Springer, Cham. https://doi.org/10.1007/978-3-030-34980-6_30
Download citation
DOI: https://doi.org/10.1007/978-3-030-34980-6_30
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-34979-0
Online ISBN: 978-3-030-34980-6
eBook Packages: Computer ScienceComputer Science (R0)