Skip to main content
SpringerLink
Log in

Subgraph-Based Adversarial Examples Against Graph-Based IoT Malware Detection Systems

  • Conference paper
  • First Online:
Computational Data and Social Networks (CSoNet 2019)

Part of the book series: Lecture Notes in Computer Science ((LNTCS,volume 11917))

Included in the following conference series:

Abstract

Internet of Things (IoT) has become widely adopted in many fields, including industry, social networks, health care, and smart homes, connecting billions of IoT devices through the internet. Understanding and studying IoT malware through analysis using various approaches, such as Control Flow Graph (CFG)-based features and then applying deep learning detection, are widely explored. In this study, we investigate the robustness of such models against adversarial attacks. Our approach crafts the adversarial IoT software using the Subgraph Embedding and Augmentation (SGEA) method that reduces the embedded size required to cause misclassification. Intensive experiments are conducted to evaluate the performance of the proposed method. We observed that SGEA approach is able to misclassify all IoT malware samples as benign by embedding an average size of 6.8 nodes. This highlights that the current detection systems are prone to adversarial examples attacks; thus, there is a need to build more robust systems to detect such manipulated features generated by adversarial examples.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 39.99
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 54.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Similar content being viewed by others

References

  1. Antonakakis, M., et al.: Understanding the Mirai Botnet. In: Proceedings of the 26th USENIX Security Symposium, pp. 1093–1110 (2017)

    Google Scholar 

  2. Azmoodeh, A., Dehghantanha, A., Choo, K.-K.R.: Robust malware detection for Internet of (Battlefield) Things devices using deep eigenspace learning. IEEE Trans. Sustain. Comput. 4, 88–95 (2019)

    Article  Google Scholar 

  3. Mohaisen, A., Alrawi, O., Mohaisen, M.: AMAL: high-fidelity, behavior-based automated malware analysis and classification. Comput. Secur. 52, 251–266 (2015)

    Article  Google Scholar 

  4. Alasmary, H., et al.: Analyzing and detecting emerging Internet of Things malware: a graph-based approach. IEEE Internet Things J. (2019)

    Google Scholar 

  5. Mohaisen, A., Yun, A., Kim, Y.: Measuring the mixing time of social graphs. In: ACM IMC, pp. 383–389 (2010)

    Google Scholar 

  6. Mohaisen, A., Hopper, N., Kim, Y.: Keep your friends close: incorporating trust into social network-based Sybil defenses. In: Proceedings of the 30th IEEE International Conference on Computer Communications, INFOCOM, pp. 1943–1951 (2011)

    Google Scholar 

  7. Ian, C.S., Goodfellow, J., Shlens, J.: Explaining and harnessing adversarial examples. In: International Conference on Learning Representations, pp. 1–11 (2015)

    Google Scholar 

  8. Moosavi-Dezfooli, S., Fawzi, A., Frossard, P.: DeepFool: a simple and accurate method to fool deep neural networks. In: IEEE Conference on Computer Vision and Pattern Recognition, pp. 2574–2582 (2016)

    Google Scholar 

  9. Papernot, N., McDaniel, P.D., Jha, S., Fredrikson, M., Celik, Z.B., Swami, A.: The limitations of deep learning in adversarial settings. In: Proceedings of the IEEE European Symposium on Security and Privacy (EuroS&P), pp. 372–387 (2016)

    Google Scholar 

  10. Grosse, K., Papernot, N., Manoharan, P., Backes, M., McDaniel, P.: Adversarial examples for malware detection. In: Foley, S.N., Gollmann, D., Snekkenes, E. (eds.) ESORICS 2017. LNCS, vol. 10493, pp. 62–79. Springer, Cham (2017). https://doi.org/10.1007/978-3-319-66399-9_4

    Chapter  Google Scholar 

  11. Abusnaina, A., Khormali, A., Alasmary, H., Park, J., Anwar, A., Mohaisen, A.: Adversarial learning attacks on graph-based IoT malware detection systems. In: 39th IEEE International Conference on Distributed Computing Systems, ICDCS (2019)

    Google Scholar 

  12. Wüchner, T., Ochoa, M., Pretschner, A.: Robust and effective malware detection through quantitative data flow graph metrics. In: Almgren, M., Gulisano, V., Maggi, F. (eds.) DIMVA 2015. LNCS, vol. 9148, pp. 98–118. Springer, Cham (2015). https://doi.org/10.1007/978-3-319-20550-2_6

    Chapter  Google Scholar 

  13. Caselden, D., Bazhanyuk, A., Payer, M., McCamant, S., Song, D.: HI-CFG: construction by binary analysis and application to attack polymorphism. In: Crampton, J., Jajodia, S., Mayes, K. (eds.) ESORICS 2013. LNCS, vol. 8134, pp. 164–181. Springer, Heidelberg (2013). https://doi.org/10.1007/978-3-642-40203-6_10

    Chapter  Google Scholar 

  14. Alam, S., Horspool, R.N., Traoré, I., Sogukpinar, I.: A framework for metamorphic malware analysis and real-time detection. Comput. Secur. 48, 212–233 (2015)

    Article  Google Scholar 

  15. Bruschi, D., Martignoni, L., Monga, M.: Detecting self-mutating malware using control-flow graph matching. In: Büschkes, R., Laskov, P. (eds.) DIMVA 2006. LNCS, vol. 4064, pp. 129–143. Springer, Heidelberg (2006). https://doi.org/10.1007/11790754_8

    Chapter  Google Scholar 

  16. Yan, J., Jin, D., Yan, G.: Classifying malware represented as control flow graphs using deep graph convolutional neural networks. In: IEEE/IFIP DSN, pp. 1–12 (2019)

    Google Scholar 

  17. Antonakakis, M., et al.: From throw-away traffic to bots: Detecting the rise of DGA-based malware. In: Proceedings of the 21th USENIX Security Symposium, pp. 491–506 (2012)

    Google Scholar 

  18. Carlini, N., Wagner, D.A.: Towards evaluating the robustness of neural networks. In: Proceedings of the IEEE Symposium on Security and Privacy, pp. 39–57 (2017)

    Google Scholar 

  19. Khormali, A., Abusnaina, A., Nyang, D., Yuksel, M., Mohaisen, A.: Examining the robustness of learning-based DDoS detection in software defined networks. In: Proceedings of the IEEE Conference on Dependable and Secure Computing, IDSC (2019)

    Google Scholar 

  20. Developers, Radare2 (2019). http://www.radare.org/r/

  21. Thoma, M., et al.: Discriminative frequent subgraph mining with optimality guarantees. Stat. Anal. Data Min. 3(5), 302–318 (2010)

    Article  MathSciNet  Google Scholar 

  22. Yan, X., Han, J.: gSpan: graph-based substructure pattern mining. In: Proceedings of the 2002 IEEE International Conference on Data Mining, pp. 721–724 (2002)

    Google Scholar 

  23. Developers, Cyberiocs (2019). https://freeiocs.cyberiocs.pro/

  24. Github (2019). https://github.com/

  25. VirusTotal (2019). https://www.virustotal.com

  26. Sebastián, M., Rivera, R., Kotzias, P., Caballero, J.: AVclass: a tool for massive malware labeling. In: Monrose, F., Dacier, M., Blanc, G., Garcia-Alfaro, J. (eds.) RAID 2016. LNCS, vol. 9854, pp. 230–253. Springer, Cham (2016). https://doi.org/10.1007/978-3-319-45719-2_11

    Chapter  Google Scholar 

Download references

Acknowledgement

This work is supported by NRF grant 2016K1A1A2912757, NVIDIA GPU Grant (2018 and 2019), and a Cyber Florida Seed Grant.

Author information

Authors and Affiliations

  1. University of Central Florida, Orlando, FL, 32816, USA

    Ahmed Abusnaina, Hisham Alasmary, Mohammed Abuhamad & Aziz Mohaisen

  2. Inha University, Incheon, South Korea

    Mohammed Abuhamad & DaeHun Nyang

  3. North Dakota State University, Fargo, ND, 58105, USA

    Saeed Salem

Authors
  1. Ahmed Abusnaina
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Hisham Alasmary
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Mohammed Abuhamad
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. Saeed Salem
    View author publications

    You can also search for this author in PubMed Google Scholar

  5. DaeHun Nyang
    View author publications

    You can also search for this author in PubMed Google Scholar

  6. Aziz Mohaisen
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Ahmed Abusnaina .

Editor information

Editors and Affiliations

  1. University of Calabria, Rende, Italy

    Andrea Tagarelli

  2. University of Illinois at Urbana-Champaign, Urbana, IL, USA

    Hanghang Tong

Rights and permissions

Reprints and permissions

Copyright information

© 2019 Springer Nature Switzerland AG

About this paper

Check for updates. Verify currency and authenticity via CrossMark

Cite this paper

Abusnaina, A., Alasmary, H., Abuhamad, M., Salem, S., Nyang, D., Mohaisen, A. (2019). Subgraph-Based Adversarial Examples Against Graph-Based IoT Malware Detection Systems. In: Tagarelli, A., Tong, H. (eds) Computational Data and Social Networks. CSoNet 2019. Lecture Notes in Computer Science(), vol 11917. Springer, Cham. https://doi.org/10.1007/978-3-030-34980-6_30

Download citation

  • DOI: https://doi.org/10.1007/978-3-030-34980-6_30

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-34979-0

  • Online ISBN: 978-3-030-34980-6

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation