Generative adversarial network to detect unseen Internet of Things malware
Ad Hoc Networks ( IF 4.8 ) Pub Date : 2021-07-15 , DOI: 10.1016/j.adhoc.2021.102591
Zahra Moti 1 , Sattar Hashemi 1 , Hadis Karimipour 2 , Ali Dehghantanha 3 , Amir Namavar Jahromi 2 , Lida Abdi 1 , Fatemeh Alavi 1

Machine learning is widely used for malware and adversary detection in industrial Internet of Things networks. However, the majority of these methods require significant prior knowledge of malware properties to identify optimal features for malware detection. This is a more significant challenge in the IoT environment due to the limited availability of malware samples. Some researchers have utilized data deformation techniques, such as converting malware to images or music, to generate features that can be used for malware detection. However, these processes can be time-consuming and require a significant amount of data. This paper proposes MalGan, a framework for detecting and generating new malware samples based on the raw byte code at the edge layer of Internet of Things (IoT) networks. A Convolutional Neural Network (CNN) was utilized to extract high-level features, and a boundary-seeking Generative Adversarial Network technique was used to generate new malware samples. Thus, even with a few malware samples, a significant number of previously unseen malware samples are detectable with high accuracy. To capture the short-term and long-term dependency of features, we employed an attention-based model, a combination of CNN and Long Short-Term Memory. The attention mechanism improves the model’s performance by increasing or decreasing attention to certain parts of the features. The proposed method is examined extensively using standard Windows and IoT malware datasets. The experimental results indicate that our proposed MalGan is the method of choice, as it offers a higher detection rate compared to the previous malware detection algorithms.




Updated: 2021-07-22