LightGBM Algorithm for Malware Detection


2 Mutah University, Karak, Jordan

Abstract. In zero-day malware challenges, attackers take advantage of every second by which the anti-malware vendor delays identifying the attacking malware's signature and providing updates. Furthermore, the longer the detection phase is delayed, the greater the damage to the host device. In other words, the inability to detect attacks early compounds the problem and increases the damage. This study therefore aims to develop an intelligent anti-malware system capable of instantly detecting and terminating malware activity instead of waiting for anti-malware updates. In scope, the study focuses on Internet of Things (IoT) malware detection based on Machine Learning (ML) techniques. A recent open-source ML algorithm, the Light Gradient Boosting Machine (LightGBM), is used to develop our instant anti-malware approach at both the host and network layers without the need for any human intervention. The results show a promising approach for detecting and classifying malware, with accuracy reaching almost 100% at both the network and host levels under holdout cross-validation. Furthermore, the results show the ability of the proposed approach to detect IoT botnet attacks early, which is an essential feature for terminating botnet activity before it propagates to a new network device.

Keywords: Malware · Machine learning · Botnet · Internet of Things · Gradient boosting · LightGBM

1 Introduction

Competition between attacks and security defenses will never end. With each security enhancement, new attack tools are developed to overcome the defense. Malware, or malicious software, is the most common type of cybersecurity threat and can perform active attacks, passive attacks, or both. Traditional virus-scanning solutions rely on manually created malware signatures and statistical analysis, which can never practically satisfy the growing demand for defenses against malware. Off-the-shelf antivirus products must be updated frequently with the signatures of newly detected malware, so traditional antivirus software is unable to detect malware in real time during a zero-day attack. Only after new malware has carried out its first attack and been classified as in the wild do vendors analyze it, create its signature, and release definition updates so that their products can recognize it.

© Springer Nature Switzerland AG 2020
K. Arai et al. (Eds.): SAI 2020, AISC 1230, pp. 391–403, 2020. https://doi.org/10.1007/978-3-030-52243-8_28


M. Al-kasassbeh et al.

Before the release of definition updates, several terabytes of data may be lost or stolen, and millions of dollars may be lost because of these attacks. Governments, companies, and individuals are all potential victims of malware attacks. Every zero-day malware attack can cause massive and unrecoverable financial and data loss. The number of victims grows, as does the loss
