Attribution Classification Method of APT Malware in IoT Using Machine Learning Techniques
Security and Communication Networks (IF 1.968), Pub Date: 2021-09-07, DOI: 10.1155/2021/9396141
Shudong Li (1), Qianqing Zhang (1), Xiaobo Wu (2), Weihong Han (1), Zhihong Tian (1)

In recent years, the popularity of IoT (Internet of Things) applications and services has brought great convenience to people's lives, but the ubiquity of IoT has also introduced many security problems. Among them, the advanced persistent threat (APT) is one of the most representative attacks, and its continuous outbreaks pose unprecedented security challenges for the large-scale deployment of the IoT. However, research on attributing APT malware samples remains relatively scarce. Therefore, we propose a machine-learning method for classifying the organizations behind APT malware in IoT. It aims to label the real attacking organization entities in order to better identify APT attack activity and protect the security of IoT. The method performs feature representation and feature selection on APT behavior data obtained from IoT devices, retaining the features that best differentiate organizations from one another. It then trains a multiclass model named SMOTE-RF, which is better suited to imbalanced, multiclass problems. Experiments on real dynamic behavior data verify the effectiveness of the proposed method for attribution analysis of APT malware samples, and it achieves good performance. Our method can identify the organization behind complex APT attacks on IoT devices and services.

Updated: 2021-09-07