ShellCore: Automating Malicious IoT Software Detection Using Shell Commands Representation
Author: | David Mohaisen, An Wang, Hisham Alasmary, Abdulrahman Alabduljabbar, Amro Awad, Ahmed Abusnaina, DaeHun Nyang, Mohammad Abuhamad, Afsah Anwar |
---|---|
Year of publication: | 2022 |
Subject: | Password; Software_OPERATINGSYSTEMS; Traffic analysis; Computer Networks and Communications; business.industry; Computer science; Interface (computing); Deep learning; Shell (computing); Denial-of-service attack; computer.software_genre; Computer Science Applications; Software; Hardware and Architecture; Signal Processing; Operating system; Malware; Artificial intelligence; business; computer; Information Systems |
Source: | IEEE Internet of Things Journal. 9:2485-2496 |
ISSN: | 2372-2541 |
Description: | The Linux shell is a command-line interpreter that provides users with a command interface to the operating system, allowing them to perform various functions. Although very useful in building capabilities at the edge, the Linux shell can be exploited, giving adversaries a prime opportunity to use it for malicious activities. With access to IoT devices, malware authors can abuse the Linux shell of those devices to propagate infections and launch large-scale attacks, e.g., DDoS. In this work, we provide a first look at the tasks managed by shell commands in Linux-based IoT malware towards detection. We analyze malicious shell commands found in IoT malware and build a neural network-based model, ShellCore, to detect malicious shell commands. Namely, we collected a large dataset of shell commands, including malicious commands extracted from 2,891 IoT malware samples and benign commands collected from real-world network traffic analysis and volunteered data from Linux users. Using conventional machine and deep learning-based approaches trained with term- and character-level features, ShellCore is shown to achieve an accuracy of more than 99% in detecting malicious shell commands and files (i.e., binaries). |
Database: | OpenAIRE |