Analyzing and Detecting Internet of Things Malware Using Residual Static Graph- and String-Based Artifacts

Recently, the Internet of Things (IoT) has become wider and adopted many features from social networks and mainly uses sensing devices technologies, causing a rapid increase in production and adoption. However, security and privacy are serious threats that users usually take precautions to protect their devices and information. Thus, understanding the security shortcomings at first stage will educate IoT users to protect their connected things. Understanding IoT software through analysis, comparison (with other types of malware), and detection (from benign IoT) is an essential problem to mitigate security threats. We focus on two central perspectives, the graph and string representations of the software, typically extracted from the software binaries. First, we look into a comparative study of Android and IoT malware through the lenses of graph measurements. We construct the abstract structures of the malware, using Control Flow Graph (CFG) to represent malware binaries, and use them to conduct an in-depth analysis of malicious graphs. Machine Learning (ML) algorithms are actively used in the process of detecting and classifying malicious software. Toward detection, we use different CFG-based features as mentioned above, and augment them with CFGs of the benign dataset and build a detection system. Furthermore, we classify the IoT malware to their corresponding families. However, adversarial ML attacks on malware detectors are proposed in the literature. For example, Adversarial Examples (AEs) on the CFG can be generated by applying small perturbation to the graph features that force the model to misclassification. Thus, we propose Soteria, a CFG-based AEs detector utilizing deep learning with random walks to construct in-depth features. Moreover, we detect the malicious shell commands by extracting and analyzing the malicious commands of IoT malware. We utilize Natural Language Processing (NLP) for feature generation, followed by a deep learning model to detect malicious commands, hence detecting malware samples

A computational offloading optimization scheme based on deep reinforcement learning in perceptual network

Currently, the deep integration of the Internet of Things (IoT) and edge computing has improved the computing capability of the IoT perception layer. Existing offloading techniques for edge computing suffer from the single problem of solidifying offloading policies. Based on this, combined with the characteristics of deep reinforcement learning, this paper investigates a computation offloading optimization scheme for the perception layer. The algorithm can adaptively adjust the computational task offloading policy of IoT terminals according to the network changes in the perception layer. Experiments show that the algorithm effectively improves the operational efficiency of the IoT perceptual layer and reduces the average task delay compared with other offloading algorithms

EAKE-WC: Efficient and Anonymous Authenticated Key Exchange scheme for wearable computing

Wearable computing has shown tremendous potential to revolutionize and uplift the standard of our lives. However, researchers and field experts have often noted several privacy and security vulnerabilities in the field of wearable computing. In order to tackle these problems, various schemes have been proposed in the literature to improve the efficiency of authentication and key establishment procedure. However, the existing schemes have relatively high computation and communication overheads and are not resilient to various potential security attacks, which reduces their significance for applicability in constrained wearable devices. In this work, we propose an efficient and anonymous authenticated key exchange scheme for wearable computing (EAKE-WC), which performs mutual authentication between the user and the wearable device, and between the cloud server and the user. It also establishes secret session keys for each session to secure communication among the communicating entities. Additionally, the proposed EAKE-WC scheme is designed using authenticated encryption with associated data (AEAD) primitives like ASCON, bitwise XOR, and hash functions. Our results from the security analysis depict compliance of the proposed EAKE-WC with wearable computing's security criteria. In addition, we also demonstrate through a comprehensive comparative analysis that the proposed scheme, EAKE-WC, outperforms the existing benchmark schemes in various key performance areas, including lower communication and computational overheads, enhanced security, and added functionality

Intrusion detection based on bidirectional long short-term memory with attention mechanism

With the recent developments in the Internet of Things (IoT), the amount of data collected has expanded tremendously, resulting in a higher demand for data storage, computational capacity, and real-time processing capabilities. Cloud computing has traditionally played an important role in establishing IoT. However, fog computing has recently emerged as a new field complementing cloud computing due to its enhanced mobility, location awareness, heterogeneity, scalability, low latency, and geographic distribution. However, IoT networks are vulnerable to unwanted assaults because of their open and shared nature. As a result, various fog computing-based security models that protect IoT networks have been developed. A distributed architecture based on an intrusion detection system (IDS) ensures that a dynamic, scalable IoT environment with the ability to disperse centralized tasks to local fog nodes and which successfully detects advanced malicious threats is available. In this study, we examined the time-related aspects of network traffic data. We presented an intrusion detection model based on a two-layered bidirectional long short-term memory (Bi-LSTM) with an attention mechanism for traffic data classification verified on the UNSW-NB15 benchmark dataset. We showed that the suggested model outperformed numerous leading-edge Network IDS that used machine learning models in terms of accuracy, precision, recall and F1 score

FedDP: A privacy-protecting theft detection scheme in smart grids using federated learning

In smart grids (SGs), the systematic utilization of consumer energy data while maintaining its privacy is of paramount importance. This research addresses this problem by energy theft detection while preserving the privacy of client data. In particular, this research identifies centralized models as more accurate in predicting energy theft in SGs but with no or significantly less data protection. Current research proposes a novel federated learning (FL) framework, namely FedDP, to tackle this issue. The proposed framework enables various clients to benefit from on-device prediction with very little communication overhead and to learn from the experience of other clients with the help of a central server (CS). Furthermore, for the accurate identification of energy theft, the use of a novel federated voting classifier (FVC) is proposed. FVC uses the majority voting-based consensus of traditional machine learning (ML) classifiers namely, random forests (RF), k-nearest neighbors (KNN), and bagging classifiers (BG). To the best of our knowledge, conventional ML classifiers have never been used in a federated manner for energy theft detection in SGs. Finally, substantial experiments are performed on the real-world energy consumption dataset. Results illustrate that the proposed model can accurately and efficiently detect energy theft in SGs while guaranteeing the security of client data