Systemically Evaluating the Robustness of ML-based IoT Malware Detectors

Ahmed Abusnaina; Afsah Anwar; Sultan Alshamrani; Abdulrahman Alabduljabbar; Rhongho Jang; Daehun Nyang; David Mohaisen

doi:10.1109/DSN-S52858.2021.00012

Systemically Evaluating the Robustness of ML-based IoT Malware Detectors

Ahmed Abusnaina, Afsah Anwar, Sultan Alshamrani, Abdulrahman Alabduljabbar, Rhongho Jang, Daehun Nyang, David Mohaisen

Department of Cyber Security

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

3 Scopus citations

Abstract

The rapid growth of the Internet of Things (IoT) devices is paralleled by them being on the front-line of malicious attacks caused by malicious software. Machine learning (ML) algorithms, alongside the traditional signature-based methods, are typically used to detect malicious activities and behaviors. However, they are susceptible to malware evolution and sophistication, making them limited to the patterns that they have been trained upon. In this work, we systematically examine the state-of-The-Art malware detection approaches using various representations, under a range of adversarial settings. Our preliminary analyses highlight the instability of the learning algorithms in learning patterns that distinguish the benign from the malicious. Our mutations with functionality-preserving operations, e.g., software stripping and binary padding, significantly deteriorate the accuracy of malware detectors.

Original language	English
Title of host publication	Proceedings - 51st Annual IEEE/IFIP International Conference on Dependable Systems and Networks - Supplemental Volume, DSN-S 2021
Publisher	Institute of Electrical and Electronics Engineers Inc.
Pages	3-4
Number of pages	2
ISBN (Electronic)	9781665435666
DOIs	https://doi.org/10.1109/DSN-S52858.2021.00012
State	Published - Jun 2021
Event	51st Annual IEEE/IFIP International Conference on Dependable Systems and Networks - Supplemental Volume, DSN-S 2021 - Virtual, Taipei, Taiwan, Province of China Duration: 21 Jun 2021 → 24 Jun 2021

Publication series

Name	Proceedings - 51st Annual IEEE/IFIP International Conference on Dependable Systems and Networks - Supplemental Volume, DSN-S 2021

Conference

Conference	51st Annual IEEE/IFIP International Conference on Dependable Systems and Networks - Supplemental Volume, DSN-S 2021
Country/Territory	Taiwan, Province of China
City	Virtual, Taipei
Period	21/06/21 → 24/06/21

Bibliographical note

Funding Information:
IV. CONCLUSION Despite advancesin AI-backed system defenses, the systems have been shown to be vulnerable. With this work, we systematically evaluated the state of a range of malware detectors, proposed by the research community and industry-standard. Our effort unveils the status-quo of the existing detectors, and brings forward various insights to consider when proposing detection systems, particularly, the ML model robustness. Acknowledgement. This work was supported in part by NRF under grant 2016K1A1A2912757 and a CyberFlorida Collaborative Seed Award.

Publisher Copyright:
© 2021 IEEE.

Keywords

Adversarial Machine Learning
Internet of Things
Malware Detection

Access to Document

10.1109/DSN-S52858.2021.00012

Cite this

Abusnaina, A., Anwar, A., Alshamrani, S., Alabduljabbar, A., Jang, R., Nyang, D., & Mohaisen, D. (2021). Systemically Evaluating the Robustness of ML-based IoT Malware Detectors. In Proceedings - 51st Annual IEEE/IFIP International Conference on Dependable Systems and Networks - Supplemental Volume, DSN-S 2021 (pp. 3-4). (Proceedings - 51st Annual IEEE/IFIP International Conference on Dependable Systems and Networks - Supplemental Volume, DSN-S 2021). Institute of Electrical and Electronics Engineers Inc.. https://doi.org/10.1109/DSN-S52858.2021.00012

Abusnaina, Ahmed ; Anwar, Afsah ; Alshamrani, Sultan et al. / Systemically Evaluating the Robustness of ML-based IoT Malware Detectors. Proceedings - 51st Annual IEEE/IFIP International Conference on Dependable Systems and Networks - Supplemental Volume, DSN-S 2021. Institute of Electrical and Electronics Engineers Inc., 2021. pp. 3-4 (Proceedings - 51st Annual IEEE/IFIP International Conference on Dependable Systems and Networks - Supplemental Volume, DSN-S 2021).

@inproceedings{a89489769d7d4f0b937f6ccfa6022a50,

title = "Systemically Evaluating the Robustness of ML-based IoT Malware Detectors",

abstract = "The rapid growth of the Internet of Things (IoT) devices is paralleled by them being on the front-line of malicious attacks caused by malicious software. Machine learning (ML) algorithms, alongside the traditional signature-based methods, are typically used to detect malicious activities and behaviors. However, they are susceptible to malware evolution and sophistication, making them limited to the patterns that they have been trained upon. In this work, we systematically examine the state-of-The-Art malware detection approaches using various representations, under a range of adversarial settings. Our preliminary analyses highlight the instability of the learning algorithms in learning patterns that distinguish the benign from the malicious. Our mutations with functionality-preserving operations, e.g., software stripping and binary padding, significantly deteriorate the accuracy of malware detectors.",

keywords = "Adversarial Machine Learning, Internet of Things, Malware Detection",

author = "Ahmed Abusnaina and Afsah Anwar and Sultan Alshamrani and Abdulrahman Alabduljabbar and Rhongho Jang and Daehun Nyang and David Mohaisen",

note = "Funding Information: IV. CONCLUSION Despite advancesin AI-backed system defenses, the systems have been shown to be vulnerable. With this work, we systematically evaluated the state of a range of malware detectors, proposed by the research community and industry-standard. Our effort unveils the status-quo of the existing detectors, and brings forward various insights to consider when proposing detection systems, particularly, the ML model robustness. Acknowledgement. This work was supported in part by NRF under grant 2016K1A1A2912757 and a CyberFlorida Collaborative Seed Award. Publisher Copyright: {\textcopyright} 2021 IEEE.; 51st Annual IEEE/IFIP International Conference on Dependable Systems and Networks - Supplemental Volume, DSN-S 2021 ; Conference date: 21-06-2021 Through 24-06-2021",

year = "2021",

month = jun,

doi = "10.1109/DSN-S52858.2021.00012",

language = "English",

series = "Proceedings - 51st Annual IEEE/IFIP International Conference on Dependable Systems and Networks - Supplemental Volume, DSN-S 2021",

publisher = "Institute of Electrical and Electronics Engineers Inc.",

pages = "3--4",

booktitle = "Proceedings - 51st Annual IEEE/IFIP International Conference on Dependable Systems and Networks - Supplemental Volume, DSN-S 2021",

}

Abusnaina, A, Anwar, A, Alshamrani, S, Alabduljabbar, A, Jang, R, Nyang, D & Mohaisen, D 2021, Systemically Evaluating the Robustness of ML-based IoT Malware Detectors. in Proceedings - 51st Annual IEEE/IFIP International Conference on Dependable Systems and Networks - Supplemental Volume, DSN-S 2021. Proceedings - 51st Annual IEEE/IFIP International Conference on Dependable Systems and Networks - Supplemental Volume, DSN-S 2021, Institute of Electrical and Electronics Engineers Inc., pp. 3-4, 51st Annual IEEE/IFIP International Conference on Dependable Systems and Networks - Supplemental Volume, DSN-S 2021, Virtual, Taipei, Taiwan, Province of China, 21/06/21. https://doi.org/10.1109/DSN-S52858.2021.00012

Systemically Evaluating the Robustness of ML-based IoT Malware Detectors. / Abusnaina, Ahmed; Anwar, Afsah; Alshamrani, Sultan et al.
Proceedings - 51st Annual IEEE/IFIP International Conference on Dependable Systems and Networks - Supplemental Volume, DSN-S 2021. Institute of Electrical and Electronics Engineers Inc., 2021. p. 3-4 (Proceedings - 51st Annual IEEE/IFIP International Conference on Dependable Systems and Networks - Supplemental Volume, DSN-S 2021).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

TY - GEN

T1 - Systemically Evaluating the Robustness of ML-based IoT Malware Detectors

AU - Abusnaina, Ahmed

AU - Anwar, Afsah

AU - Alshamrani, Sultan

AU - Alabduljabbar, Abdulrahman

AU - Jang, Rhongho

AU - Nyang, Daehun

AU - Mohaisen, David

N1 - Funding Information: IV. CONCLUSION Despite advancesin AI-backed system defenses, the systems have been shown to be vulnerable. With this work, we systematically evaluated the state of a range of malware detectors, proposed by the research community and industry-standard. Our effort unveils the status-quo of the existing detectors, and brings forward various insights to consider when proposing detection systems, particularly, the ML model robustness. Acknowledgement. This work was supported in part by NRF under grant 2016K1A1A2912757 and a CyberFlorida Collaborative Seed Award. Publisher Copyright: © 2021 IEEE.

PY - 2021/6

Y1 - 2021/6

N2 - The rapid growth of the Internet of Things (IoT) devices is paralleled by them being on the front-line of malicious attacks caused by malicious software. Machine learning (ML) algorithms, alongside the traditional signature-based methods, are typically used to detect malicious activities and behaviors. However, they are susceptible to malware evolution and sophistication, making them limited to the patterns that they have been trained upon. In this work, we systematically examine the state-of-The-Art malware detection approaches using various representations, under a range of adversarial settings. Our preliminary analyses highlight the instability of the learning algorithms in learning patterns that distinguish the benign from the malicious. Our mutations with functionality-preserving operations, e.g., software stripping and binary padding, significantly deteriorate the accuracy of malware detectors.

AB - The rapid growth of the Internet of Things (IoT) devices is paralleled by them being on the front-line of malicious attacks caused by malicious software. Machine learning (ML) algorithms, alongside the traditional signature-based methods, are typically used to detect malicious activities and behaviors. However, they are susceptible to malware evolution and sophistication, making them limited to the patterns that they have been trained upon. In this work, we systematically examine the state-of-The-Art malware detection approaches using various representations, under a range of adversarial settings. Our preliminary analyses highlight the instability of the learning algorithms in learning patterns that distinguish the benign from the malicious. Our mutations with functionality-preserving operations, e.g., software stripping and binary padding, significantly deteriorate the accuracy of malware detectors.

KW - Adversarial Machine Learning

KW - Internet of Things

KW - Malware Detection

UR - http://www.scopus.com/inward/record.url?scp=85115637718&partnerID=8YFLogxK

U2 - 10.1109/DSN-S52858.2021.00012

DO - 10.1109/DSN-S52858.2021.00012

M3 - Conference contribution

AN - SCOPUS:85115637718

T3 - Proceedings - 51st Annual IEEE/IFIP International Conference on Dependable Systems and Networks - Supplemental Volume, DSN-S 2021

SP - 3

EP - 4

BT - Proceedings - 51st Annual IEEE/IFIP International Conference on Dependable Systems and Networks - Supplemental Volume, DSN-S 2021

PB - Institute of Electrical and Electronics Engineers Inc.

T2 - 51st Annual IEEE/IFIP International Conference on Dependable Systems and Networks - Supplemental Volume, DSN-S 2021

Y2 - 21 June 2021 through 24 June 2021

ER -

Abusnaina A, Anwar A, Alshamrani S, Alabduljabbar A, Jang R, Nyang D et al. Systemically Evaluating the Robustness of ML-based IoT Malware Detectors. In Proceedings - 51st Annual IEEE/IFIP International Conference on Dependable Systems and Networks - Supplemental Volume, DSN-S 2021. Institute of Electrical and Electronics Engineers Inc. 2021. p. 3-4. (Proceedings - 51st Annual IEEE/IFIP International Conference on Dependable Systems and Networks - Supplemental Volume, DSN-S 2021). doi: 10.1109/DSN-S52858.2021.00012

Systemically Evaluating the Robustness of ML-based IoT Malware Detectors

Abstract

Publication series

Conference

Bibliographical note

Keywords

Access to Document

Fingerprint

Cite this