A prototype implementation and evaluation of the malware detection mechanism for IoT devices using the processor information

  • Special Issue Paper
International Journal of Information Security

Abstract

With the popularization of Internet of Things (IoT) devices, numerous and varied devices have been connected to the Internet. While various devices, including home appliances, operate via the Internet, attacks targeting many IoT devices are increasing because vulnerabilities exist in them. Furthermore, introducing a security mechanism as software is difficult because these devices have few hardware resources. Therefore, a security mechanism that does not consume hardware resources such as CPU and memory is required. We propose a malware detection mechanism that uses values extracted from the processor. By using the processor information, we aim to offload the malware detection mechanism to hardware and to suppress the consumption of hardware resources. In this paper, we implemented a prototype of our proposed mechanism using QEMU, which is a virtual machine. We show that our proposed mechanism can classify programs as malware or benign by using the processor information, and can also detect malware variants belonging to the same family.

Notes

  1. In this paper, we set the threshold to 80% based on our experimental results.

Acknowledgements

A part of this research was supported by JSPS KAKENHI Grant Numbers 17K00076 and 16K00071.

Author information

Corresponding author

Correspondence to Hayate Takase.

Appendix A: malware list

Table 12 shows a list of malware used for our evaluation in this paper.

Table 12 Malware list

Cite this article

Takase, H., Kobayashi, R., Kato, M. et al. A prototype implementation and evaluation of the malware detection mechanism for IoT devices using the processor information. Int. J. Inf. Secur. 19, 71–81 (2020). https://doi.org/10.1007/s10207-019-00437-y

  • DOI: https://doi.org/10.1007/s10207-019-00437-y
