DL-FHMC: Deep Learning-Based Fine-Grained Hierarchical Learning Approach for Robust Malware Classification

The acceptance of the Internet of Things (IoT) for both household and industrial applications is accompanied by the rapid growth of IoT malware. With the increase of their attack surface, analyzing, understanding, and detecting IoT malicious behavior are crucial. Traditionally, machine and deep lear...

Full description

Saved in:
Bibliographic Details
Published inIEEE transactions on dependable and secure computing Vol. 19; no. 5; pp. 3432 - 3447
Main Authors Abusnaina, Ahmed, Abuhamad, Mohammed, Alasmary, Hisham, Anwar, Afsah, Jang, Rhongho, Salem, Saeed, Nyang, DaeHun, Mohaisen, David
Format Journal Article
LanguageEnglish
Published Washington IEEE 01.09.2022
IEEE Computer Society
Subjects
adversarial attacks
Adversarial machine learning
Algorithms
Behavior
Cybersecurity
Deep learning
Graph matching
Graph theory
Industrial applications
Internet of Things
Isomorphism
Machine learning
Machine learning algorithms
Malware
malware detection
Robustness
Static analysis
Online AccessGet full text

Cover

More Information
Summary:The acceptance of the Internet of Things (IoT) for both household and industrial applications is accompanied by the rapid growth of IoT malware. With the increase of their attack surface, analyzing, understanding, and detecting IoT malicious behavior are crucial. Traditionally, machine and deep learning-based approaches are used for malware detection and behavioral understanding. However, recent research has shown the susceptibility of those approaches to adversarial attacks by introducing noise to the feature space. In this work, we introduce DL-FHMC, a fine-grained hierarchical learning approach for robust IoT malware detection. DL-FHMC utilizes Control Flow Graph (CFG)-based behavioral patterns for adversarial IoT malicious software detection. In particular, we extract a comprehensive list of behavioral patterns from a large dataset of malicious IoT binaries, represented by the shared execution flows, and use them as a modality for malicious behavior detection. Leveraging machine learning and subgraph isomorphism matching algorithms, DL-FHMC provides state-of-the-art performance in detecting malware samples and adversarial examples (AEs). We first highlight the caveats of CFG-based IoT malware detection systems, showing the adversarial capabilities in generating practical functionality-preserving AEs with reduced overhead using Graph Embedding and Augmentation (GEA) techniques. We then introduce Suspicious Behavior Detector, a component that extracts comprehensive behavioral patterns from three popular IoT malicious families, Gafgyt, Mirai, and Tsunami, for AEs detection with high accuracy. The proposed detector operates as a model-independent standalone module, with no prior assumptions of the adversarial attacks nor their configurations.
ISSN:1545-5971
1941-0018
DOI:10.1109/TDSC.2021.3097296