Classifying IoT malware delivery patterns for attack detection
Master of Science in Engineering in Computer Science
Candidate:
Fabrizio Farinacci
Student ID: 1530961
Thesis advisor:
Prof. Leonardo Querzoni
Co-Advisor:
Dr. Giuseppe Laurenza
A. Y. 2016 - 2017
Introduction Related work and contributions Proposed approach Results evaluation Conclusions and future work
Background: The Internet of Things
• The Internet of Things (IoT) is the vision in which anything,
from vehicles to home appliances, is equipped with Internet
connectivity and digitally connected in order to exchange data.
• Sadly, the IoT has recently come under the spotlight more for its
widespread security issues than for its enormous potential.
Background: Threats affecting the IoT
• Because the IoT landscape is made up of insecure, misconfigured and
easily reachable devices, it is the cybercriminals' Holy Grail!
• This environment has favored the proliferation of IoT malware and in
particular of botnets, mainly devoted to performing DDoS attacks.
Problem statement and thesis objective
Problem
The highly vulnerable IoT landscape favors the proliferation of threats,
and in particular of malware. Understanding and characterizing them is
a fundamental requirement for preventing the compromise of IoT devices.
Thesis objective
Design a platform, trained on knowledge extracted from real attacks
collected by the platform itself, that is capable of recognizing known
attacks and of detecting variants or completely new attacks.
Related work
Works in the IoT security field divide into:
• Studies providing basic security guidelines for preventing,
mitigating and recovering from attacks.
[Angrishi et al., 2017]
• Honeypot systems designed for the IoT environment, with the goal
of assessing the current threats.
[SIPHON, Guarnizo et al., 2017]
• Detection strategies, employing either simple device white-listing
mechanisms or unreliable signature-based approaches.
[Meidan et al., 2017]
• Proof-of-concept mechanisms for detecting infected devices and
automating the recovery strategy.
[AntibIoTic, De Donno et al., 2017]
Contributions
The contributions made by this work are the following:
1. Showing the capability of honeypots to reveal IoT threats;
2. Identifying specific attack patterns that characterize the attacks;
3. Introducing an approach for profiling the attacks;
4. Showing how profiles enable grouping similar attacks;
5. Showing how profiles enable classifying and recognizing attacks;
6. Showing how profiles enable tracking the evolution of attacks.
Approach overview
Attack profile extraction
Attack patterns
Definition
Attack patterns are sequences of operations that have a precise, but
often hidden and stealthy, goal which is meaningful for the attacker.
Example
# Mirai
/bin/busybox cp /bin/echo dvrHelper; >dvrHelper; ...
...
/bin/busybox cp dvrHelper upnp; > upnp; ...
echo -ne "some HEX string" > upnp; /bin/busybox ECCHI
./upnp; ./dvrHelper telnet.mips; /bin/busybox IHCCE
# Hajime
cd /var; cat .s || cp /bin/echo .s; /bin/busybox ECCHI ...
...
>.s; cp .s .i; echo -ne "some HEX string" > .s; /bin/busybox ECCHI
./.s>.i; ./.i; rm .s; exit
Pattern-based attack representation
Phase 4: Attack aggregation and classification
• Once the attack profiles are extracted, they can be employed for:
◦ Grouping the attacks, in order to devise attack classes and their evolution.
◦ Classifying the attacks, so as to be able to recognize them.
• For the grouping task, we employed the unsupervised learning
clustering algorithms BIRCH and DBSCAN.
• For the classification task, we trained and evaluated the supervised
learning classifiers Random Forest, Decision Tree, Bernoulli Naive
Bayes and linear-kernel SVM.
Dataset description and testing methodology
Dataset: 270,000 attacks collected by the platform and divided
into 17 classes, representing either variants or different attacks.
Metrics used:
• Attack grouping: homogeneity and completeness scores,
Fowlkes–Mallows index (FMI) and silhouette coefficient.
• Attack classification: F1 and accuracy scores, precision and recall.
Tests performed:
• Attack grouping:
◦ Clustering comparison on 50,000 samples (1/5 of the dataset).
◦ Incremental time-based k-fold cross-validation (k = 10).
• Attack classification:
◦ Incremental time-based k-fold cross-validation (k = 10).
◦ Stratified k-fold cross-validation (k = 5).
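The attack-pattern definition, the pattern-based profile and the grouping metric described above, as an added example that is not code from the thesis platform; the pattern vocabulary, the 0.8 similarity threshold and the sample sessions are assumptions modelled on the Mirai and Hajime lines shown earlier:

```python
"""Pattern-based profiling of honeypot-captured shell sessions (added example).

A captured command line is split into operations, each operation is mapped to
an abstract attack pattern, the set of patterns is the attack profile, similar
profiles are grouped, and the grouping is scored with the Fowlkes-Mallows index.
The pattern vocabulary, the threshold and SESSIONS are assumptions.
"""
import math
import re
from itertools import combinations

# Assumed vocabulary of abstract operations; the first matching rule wins.
PATTERN_RULES = [
    ("copy_busybox_echo", re.compile(r"^(?:/bin/busybox\s+)?cp\s+/bin/echo\s+\S+$")),
    ("copy_dropper", re.compile(r"^(?:/bin/busybox\s+)?cp\s+\S+\s+\S+$")),
    ("truncate_file", re.compile(r"^>\s*\S+$")),
    ("hex_write", re.compile(r"^echo\s+-ne\s+.*>\s*\S+$")),
    ("busybox_marker", re.compile(r"^/bin/busybox\s+[A-Z]{4,}$")),
    ("exec_dropper", re.compile(r"^\./\S+")),
    ("cleanup", re.compile(r"^rm\s+")),
    ("cd_dir", re.compile(r"^cd\s+")),
]

# Constructed sessions (label, captured line) modelled on the slide's shapes;
# the payload is left as the slide's "some HEX string" placeholder.
SESSIONS = [
    ("mirai", '/bin/busybox cp /bin/echo dvrHelper; >dvrHelper; '
              '/bin/busybox cp dvrHelper upnp; > upnp; '
              'echo -ne "some HEX string" > upnp; /bin/busybox ECCHI; '
              './upnp; ./dvrHelper telnet.mips; /bin/busybox IHCCE'),
    ("mirai", '/bin/busybox cp /bin/echo dvrHelper; >dvrHelper; '
              '/bin/busybox cp dvrHelper upnp; > upnp; '
              'echo -ne "some HEX string" > upnp; /bin/busybox ECCHI; '
              './upnp; ./dvrHelper telnet.arm; /bin/busybox IHCCE'),
    ("hajime", 'cd /var; cat .s || cp /bin/echo .s; /bin/busybox ECCHI; '
               '>.s; cp .s .i; echo -ne "some HEX string" > .s; '
               '/bin/busybox ECCHI; ./.s>.i; ./.i; rm .s; exit'),
    ("hajime", 'cd /tmp; cat .s || cp /bin/echo .s; /bin/busybox ECCHI; '
               '>.s; cp .s .i; echo -ne "some HEX string" > .s; '
               '/bin/busybox ECCHI; ./.s>.i; ./.i; rm .s; exit'),
]


def split_commands(session):
    """Split a captured line into single commands on ';', '&&' and '||'."""
    parts = re.split(r"\s*(?:;|&&|\|\|)\s*", session.strip())
    return [p for p in parts if p]


def classify_command(cmd):
    """Map one concrete command to its abstract pattern ('other' if unknown)."""
    for name, rx in PATTERN_RULES:
        if rx.match(cmd):
            return name
    return "other"


def extract_patterns(session):
    """Attack pattern sequence: the ordered abstract operations of a session."""
    return [classify_command(c) for c in split_commands(session)]


def profile(session):
    """Pattern-based profile: the set of distinct patterns in the session."""
    return frozenset(extract_patterns(session))


def jaccard(a, b):
    """Set similarity used to decide whether two profiles are variants."""
    return 1.0 if not a and not b else len(a & b) / len(a | b)


def group_profiles(profiles, threshold=0.8):
    """Greedy grouping: join the first group whose representative is similar
    enough, otherwise open a new group. Returns one group id per profile."""
    groups, labels = [], []
    for p in profiles:
        for gid, rep in enumerate(groups):
            if jaccard(p, rep) >= threshold:
                labels.append(gid)
                break
        else:
            groups.append(p)
            labels.append(len(groups) - 1)
    return labels


def fowlkes_mallows(true_labels, pred_labels):
    """FMI = TP / sqrt((TP + FP) * (TP + FN)) counted over all sample pairs."""
    tp = fp = fn = 0
    for i, j in combinations(range(len(true_labels)), 2):
        same_true = true_labels[i] == true_labels[j]
        same_pred = pred_labels[i] == pred_labels[j]
        if same_true and same_pred:
            tp += 1
        elif same_pred:
            fp += 1
        elif same_true:
            fn += 1
    denom = math.sqrt((tp + fp) * (tp + fn))
    return tp / denom if denom else 0.0


if __name__ == "__main__":
    profiles = [profile(s) for _, s in SESSIONS]
    pred = group_profiles(profiles)
    for (label, _), prof, gid in zip(SESSIONS, profiles, pred):
        print(label, "-> group", gid, sorted(prof))
    print("FMI:", fowlkes_mallows([lab for lab, _ in SESSIONS], pred))
```

The two Mirai lines differ only in a file name and collapse to one profile, while the Hajime lines add cd, cleanup and unknown operations and land in a second group; any mismatch between true labels and groups lowers the FMI below 1.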
Test 1: BIRCH and DBSCAN comparison
[Chart (a) Observed metrics comparison, "Clustering comparison - Observed metrics": FMI, homogeneity and completeness of DBSCAN vs. BIRCH, y-axis from 0.8 to 1]
[Chart (b) Time performance comparison, "Clustering comparison - Time performance": average time (sec.) of DBSCAN vs. BIRCH, y-axis from 0 to 10]
Test 2: Incremental time-based k-fold grouping
[Chart "BIRCH Online - Periodical tuning": FMI, homogeneity score, completeness score and silhouette coefficient over folds 1 to 10 (time), y-axis from 0 to 1]
Test 3: Incremental time-based k-fold classification
[Chart "Random Forest - Incremental k-fold": F1 score, precision, recall and accuracy score over folds 1 to 9 (time), y-axis from 0 to 1]
Test 4: Stratified k-fold classification
[Charts (c) F1 score, (d) Precision, (e) Recall and (f) Accuracy score for Random Forest, Decision Tree, Bernoulli Naive Bayes and Linear Kernel SVM, y-axis from 0.995 to 1]
Conclusions and future work
Conclusions
Results show that our approach delivers promising results in the field
of attack recognition and enables the study of the evolution of attacks,
at least for the subset of attacks that we managed to collect.
Future work
• Extending the platform, by:
1. Improving the honeypot platform;
2. Building a platform for organizing the data;
3. Developing visual analytics tools.
• Improving the description of attacks, by:
1. Improving the attack pattern identification;
2. Integrating it with signature-based information.
• Online monitoring for attack prevention, by designing an online
detection procedure capable of detecting ongoing attacks.
That’s all!
Thank you for your attention!
Any questions?
C_Dayyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyy 3.pdf
amanpathak160605
 
Routing Riverdale - A New Bus Connection
Routing Riverdale - A New Bus ConnectionRouting Riverdale - A New Bus Connection
Routing Riverdale - A New Bus Connection
jzb7232
 
How to Buy Snapchat Account A Step-by-Step Guide.pdf
How to Buy Snapchat Account A Step-by-Step Guide.pdfHow to Buy Snapchat Account A Step-by-Step Guide.pdf
How to Buy Snapchat Account A Step-by-Step Guide.pdf
jamedlimmk
 
ATAL 6 Days Online FDP Scheme Document 2025-26.pdf
ATAL 6 Days Online FDP Scheme Document 2025-26.pdfATAL 6 Days Online FDP Scheme Document 2025-26.pdf
ATAL 6 Days Online FDP Scheme Document 2025-26.pdf
ssuserda39791
 
Autodesk Fusion 2025 Tutorial: User Interface
Autodesk Fusion 2025 Tutorial: User InterfaceAutodesk Fusion 2025 Tutorial: User Interface
Autodesk Fusion 2025 Tutorial: User Interface
Atif Razi
 
ML_Unit_VI_DEEP LEARNING_Introduction to ANN.pdf
ML_Unit_VI_DEEP LEARNING_Introduction to ANN.pdfML_Unit_VI_DEEP LEARNING_Introduction to ANN.pdf
ML_Unit_VI_DEEP LEARNING_Introduction to ANN.pdf
rameshwarchintamani
 
6th International Conference on Big Data, Machine Learning and IoT (BMLI 2025)
6th International Conference on Big Data, Machine Learning and IoT (BMLI 2025)6th International Conference on Big Data, Machine Learning and IoT (BMLI 2025)
6th International Conference on Big Data, Machine Learning and IoT (BMLI 2025)
ijflsjournal087
 
sss1.pptxsss1.pptxsss1.pptxsss1.pptxsss1.pptx
sss1.pptxsss1.pptxsss1.pptxsss1.pptxsss1.pptxsss1.pptxsss1.pptxsss1.pptxsss1.pptxsss1.pptx
sss1.pptxsss1.pptxsss1.pptxsss1.pptxsss1.pptx
ajayrm685
 
Applications of Centroid in Structural Engineering
Applications of Centroid in Structural EngineeringApplications of Centroid in Structural Engineering
Applications of Centroid in Structural Engineering
suvrojyotihalder2006
 
ML_Unit_V_RDC_ASSOCIATION AND DIMENSIONALITY REDUCTION.pdf
ML_Unit_V_RDC_ASSOCIATION AND DIMENSIONALITY REDUCTION.pdfML_Unit_V_RDC_ASSOCIATION AND DIMENSIONALITY REDUCTION.pdf
ML_Unit_V_RDC_ASSOCIATION AND DIMENSIONALITY REDUCTION.pdf
rameshwarchintamani
 
introduction technology technology tec.pptx
introduction technology technology tec.pptxintroduction technology technology tec.pptx
introduction technology technology tec.pptx
Iftikhar70
 

Classifying IoT malware delivery patterns for attack detection

  • 1. Classifying IoT malware delivery patterns for attack detection
    Master of Science in Engineering in Computer Science
    Candidate: Fabrizio Farinacci (Student ID: 1530961)
    Thesis advisor: Prof. Leonardo Querzoni
    Co-Advisor: Dr. Giuseppe Laurenza
    A. Y. 2016 - 2017

  • 2. Background: The Internet of Things
    (Outline: Introduction | Related work and contributions | Proposed approach | Results evaluation | Conclusions and future work)
    • The Internet of Things (IoT) is the vision in which anything from vehicles to home appliances is equipped with Internet connectivity and digitally connected for exchanging data.
    • Sadly, the IoT has recently come under the spotlight more for its widespread security issues than for its enormous potential.

  • 3. Background: Threats affecting the IoT
    • The IoT landscape, being formed by insecure, misconfigured and easily accessible devices, is the cybercriminals' Holy Grail!
    • This environment favored the proliferation of IoT malware and in particular botnets, mainly devoted to performing DDoS attacks.

  • 4. Problem statement and thesis objective
    Problem: The highly vulnerable IoT landscape favors the proliferation of threats and in particular malware. Understanding and characterizing them is a fundamental requirement for preventing the compromise of IoT devices.
    Thesis objective: Design a platform, trained on knowledge extracted from real attacks collected by the platform itself, capable of recognizing known attacks and detecting variants or completely new attacks.

  • 5. Related work
    Works in the IoT security field divide into:
    • Studies providing basic security guidelines for preventing, mitigating and recovering from attacks. [Angrishi et al., 2017]
    • Honeypot systems designed for the IoT environment, with the goal of assessing the current threats. [SIPHON, Guarnizo et al., 2017]
    • Detection strategies, employing either simple device white-listing mechanisms or unreliable signature-based approaches. [Meidan et al., 2017]
    • Proof-of-concept mechanisms for detecting infected devices and automating the recovery strategy. [AntibIoTic, De Donno et al., 2017]

  • 6. Contributions
    The contributions made by this work are the following:
    1. Showing the capability of honeypots to reveal IoT threats;
    2. Identifying specific attack patterns for characterizing the attacks;
    3. Introducing an approach for profiling the attacks;
    4. Showing how profiles enable grouping similar attacks;
    5. Showing how profiles enable classifying and recognizing attacks;
    6. Showing how profiles enable tracking the evolution of attacks.

  • 7. Approach overview

  • 8. Attack profile extraction

  • 9. Attack patterns
    Definition: Attack patterns are sequences of operations having a precise, but often hidden and sneaky, goal meaningful for the attacker.
    Example:
      # Mirai
      /bin/busybox cp /bin/echo dvrHelper; >dvrHelper; ...
      ... /bin/busybox cp dvrHelper upnp; > upnp; ...
      echo -ne "some HEX string" > upnp; /bin/busybox ECCHI
      ./upnp; ./dvrHelper telnet.mips; /bin/busybox IHCCE
      # Hajime
      cd /var; cat .s || cp /bin/echo .s; /bin/busybox ECCHI ...
      ... >.s; cp .s .i; echo -ne "some HEX string" > .s; /bin/busybox ECCHI
      ./.s>.i; ./.i; rm .s; exit

  • 10. Pattern-based attack representation

  • 11. Phase 4: Attack aggregation and classification
    • Once the attack profiles are extracted, they can be employed for:
      ◦ Grouping the attacks, to devise attack classes and follow their evolution.
      ◦ Classifying the attacks, and so being able to recognize them.
    • For the grouping task, we employed the unsupervised clustering algorithms BIRCH and DBSCAN.
    • For the classification task, we trained and evaluated the supervised classifiers Random Forest, Decision Tree, Bernoulli Naive Bayes and Linear Kernel SVM.
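Slides 9 to 11 describe attack patterns as operation sequences, a pattern-based representation of each attack, and the clustering of the resulting profiles. The Python below is an added illustration, not code from the thesis or its platform: it maps each captured command to a hypothetical operation class (the labels and regex rules are my own), builds the binary pattern vector, and groups sessions by Jaccard similarity with a simple single-linkage pass that stands in for the BIRCH/DBSCAN step. The three sessions are constructed from the slide 9 excerpts, with payload bytes replaced by the placeholder <HEX>.

```python
import re
# Constructed sessions modelled on slide 9's Mirai/Hajime excerpts (not real captures); payload bytes are <HEX>.
SESSIONS = {
    "mirai-like": '/bin/busybox cp /bin/echo dvrHelper; >dvrHelper; /bin/busybox cp dvrHelper upnp; '
                  '> upnp; echo -ne "<HEX>" > upnp; /bin/busybox ECCHI; ./upnp; ./dvrHelper telnet.mips',
    "hajime-like": 'cd /var; cat .s || cp /bin/echo .s; /bin/busybox ECCHI; >.s; cp .s .i; '
                   'echo -ne "<HEX>" > .s; /bin/busybox ECCHI; ./.s>.i; ./.i; rm .s; exit',
    "probe-only": 'enable; system; shell; sh; /bin/busybox ECCHI',
}
# Operation classes (hypothetical labels, not the thesis' taxonomy); rules ignore attacker-chosen file names.
RULES = [
    ("echo_clone", re.compile(r"cp\s+/bin/echo\s+\S+")),        # stage a writable copy of echo
    ("file_clone", re.compile(r"(^|\s)cp\s+(?!/bin/echo)\S+\s+\S+")),
    ("truncate", re.compile(r"^>\s*\S+$")),                     # empty the staged file
    ("hex_write", re.compile(r'echo\s+-ne\s+".*"\s*>\s*\S+')),  # write bytes with echo -ne
    ("busybox_marker", re.compile(r"/bin/busybox\s+[A-Z]{4,}$")),  # bot's echo-back token
    ("execute", re.compile(r"^\./\S+")),
    ("cleanup", re.compile(r"^rm\s+")),
    ("chdir", re.compile(r"^cd\s+")),
    ("shell_probe", re.compile(r"^(enable|system|shell|sh)$")),
]
PATTERNS = [name for name, _ in RULES]

def classify(command):  # one command -> operation class; 'other' if no rule matches
    return next((n for n, rx in RULES if rx.search(command)), "other")

def profile(session):  # attack profile: ordered sequence of operation classes
    return [classify(c.strip()) for c in session.split(";") if c.strip()]

def pattern_vector(session):  # pattern-based binary representation: which patterns occur
    present = set(profile(session))
    return tuple(int(p in present) for p in PATTERNS)

def jaccard(u, v):
    inter, union = sum(a & b for a, b in zip(u, v)), sum(a | b for a, b in zip(u, v))
    return inter / union if union else 0.0

def group_sessions(sessions, threshold=0.5):  # greedy single-linkage, stand-in for BIRCH/DBSCAN
    groups = []
    for name in sessions:
        vec = pattern_vector(sessions[name])
        for g in groups:
            if any(jaccard(vec, pattern_vector(sessions[m])) >= threshold for m in g):
                g.append(name)
                break
        else:
            groups.append([name])
    return groups
```

Because the rules key on the operation rather than on file names, the two dropper sessions fall into one group despite different names and directories, while the credential-probe session stays apart.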
  • 12. Dataset description and testing methodology
    Dataset: 270,000 attacks collected by the platform and divided into 17 classes, representing either variants or different attacks.
    Used metrics:
    • Attack grouping: homogeneity and completeness scores, Fowlkes–Mallows index and silhouette coefficient.
    • Attack classification: F1 and accuracy scores, precision and recall.
    Performed tests:
    • Attack grouping:
      ◦ Clustering comparison on 50,000 samples (1/5 of the dataset).
      ◦ Incremental time-based k-fold cross-validation (k = 10).
    • Attack classification:
      ◦ Incremental time-based k-fold cross-validation (k = 10).
      ◦ Stratified k-fold cross-validation (k = 5).

  • 13. Test 1: BIRCH and DBSCAN comparison
    [Figure (a), Observed metrics comparison: "Clustering comparison - Observed metrics", FMI, Homogeneity and Completeness for DBSCAN and BIRCH, y-axis from 0.8 to 1]
    [Figure (b), Time performance comparison: "Clustering comparison - Time performance", Avg. Time (sec.) for DBSCAN and BIRCH, y-axis from 0 to 10]

  • 14. Test 2: Incremental time-based k-fold grouping
    [Figure: "BIRCH Online - Periodical tuning", x-axis Folds (Time) 1 to 10, y-axis 0 to 1; series: FMI, Homogeneity score, Completeness score, Silhouette coeff.]

  • 15. Test 3: Incremental time-based k-fold classification
    [Figure: "Random Forest - Incremental k-fold", x-axis Folds (Time) 1 to 9, y-axis 0 to 1; series: F1 score, Precision, Recall, Accuracy score]

  • 16. Test 4: Stratified k-fold classification
    [Figures (c) F1 score, (d) Precision, (e) Recall, (f) Accuracy score: one bar chart each over Random Forest, Decision Tree, Bernoulli Naive Bayes and Linear Kernel SVM, y-axis from 0.995 to 1]

  • 17. Conclusions and future work
    Conclusions: Results show that our approach delivers promising results in the field of attack recognition and enables studying the evolution of attacks, at least for the subset of attacks that we managed to collect.
    Future work:
    • Extending the platform, by:
      1. Improving the honeypot platform;
      2. Building a platform for organizing the data;
      3. Developing Visual Analytics tools.
    • Improving the description of attacks, by:
      1. Improving the attack pattern identification;
      2. Integrating with signature-based information.
    • Online monitoring for attack prevention, by designing an online detection procedure capable of detecting ongoing attacks.

  • 18. That's all! Thanks for your attention! Any questions?