
    A Deep Recurrent Neural Network Based Approach for Internet of Things Malware Threat Hunting

    Internet of Things (IoT) devices are increasingly deployed in different industries and for different purposes (e.g. sensing/collecting environmental data in both civilian and military settings). Their growing presence in a broad range of applications, together with their increasing computing and processing capabilities, makes them a valuable attack target, for example for malware designed to compromise specific IoT devices. In this paper, we explore the potential of using Recurrent Neural Network (RNN) deep learning to detect IoT malware. Specifically, our approach uses an RNN to analyze the execution operation codes (OpCodes) of ARM-based IoT applications. To train our models, we use an IoT application dataset comprising 281 malware and 270 benignware samples. We then evaluate the trained model using 100 new IoT malware samples (i.e. not previously exposed to the model) with three different Long Short-Term Memory (LSTM) configurations. Findings of the 10-fold cross-validation analysis show that the second configuration, with 2-layer neurons, has the highest accuracy (98.18%) in detecting new malware samples. A comparative summary against other machine learning classifiers also demonstrates that the LSTM approach delivers the best possible outcome.

    A survey on internet of things security: Requirements, challenges, and solutions

    Internet of Things (IoT) is one of the most promising technologies that aims to enhance humans' quality of life (QoL). IoT plays a significant role in several fields such as healthcare, automotive industries, agriculture, education, and many cross-cutting business applications. Addressing and analyzing IoT security issues is crucial because the working mechanisms of IoT applications vary due to the heterogeneous nature of IoT environments. Therefore, discussing IoT security concerns alongside available and potential solutions would assist developers and enterprises in finding appropriate and timely solutions to specific threats, providing the best possible IoT-based services. This paper provides a comprehensive study of IoT security issues, limitations, requirements, and current and potential solutions. The paper builds upon a taxonomy that uses the three-layer IoT architecture as a reference to identify security properties and requirements for each layer. The main contribution of this survey is classifying potential IoT security threats and challenges from an architectural view. From there, IoT security challenges and solutions are further grouped by the layered architecture so that readers gain a better understanding of how to address and adopt best practices to avoid the current IoT security threats on each layer.

    Cryptocurrency malware hunting: A deep Recurrent Neural Network approach

    © 2020 Elsevier B.V. In recent years, cryptocurrency trades have increased dramatically, and this trend has attracted cyber-threat actors to exploit existing vulnerabilities and infect their targets. The malicious actors use cryptocurrency malware to perform complex computational tasks on infected devices. Since cryptocurrency malware performs an otherwise legitimate process, detecting this type of threat by manual or heuristic methods is a challenging task. In this paper, we propose a novel deep Recurrent Neural Network (RNN) learning model for hunting cryptocurrency malware threats. Specifically, our proposed model utilizes the RNN to analyze the operation codes (Opcodes) of Windows applications as a case study. We collect a real-world dataset that comprises 500 cryptocurrency malware and 200 benignware samples. The proposed model is trained with five different Long Short-Term Memory (LSTM) structures and is evaluated using 10-fold cross-validation (CV). The obtained results show that a 3-layer configuration achieves 98% detection accuracy, the highest rate among the configurations tested. We also applied traditional machine learning (ML) classifiers to show the applicability of deep learners (LSTM) versus traditional models in dealing with cryptocurrency malware.

    AI4SAFE-IoT: an AI-powered secure architecture for edge layer of Internet of things

    © 2020, Springer-Verlag London Ltd., part of Springer Nature. With the increasing use of the Internet of Things (IoT) in diverse domains, security concerns and IoT threats are constantly rising. The computational and memory limitations of IoT devices have resulted in emerging vulnerabilities in most IoT-run environments. Due to their low processing ability, IoT devices are often not capable of running complex defensive mechanisms. The lack of an architecture for a safer IoT environment is regarded as the most important barrier to developing a secure IoT system. In this paper, we propose a secure architecture for the IoT edge layer infrastructure, called AI4SAFE-IoT. This architecture is built upon AI-powered security modules at the edge layer for protecting IoT infrastructure. Cyber threat attribution, an intelligent web application firewall, cyber threat hunting, and cyber threat intelligence are the main modules proposed in our architecture. The proposed modules detect, attribute, and further identify the stage of an attack life cycle based on the Cyber Kill Chain model. In the proposed architecture, we define each security module and show its functionality against different threats in real-world applications. Moreover, because the AI security modules are integrated in different layers of AI4SAFE-IoT, each threat in the edge layer is handled by its corresponding security module, delivered as a service. We compared the proposed architecture with existing models and discussed our architecture's independence from the underlying IoT layer and its comparatively low overhead, which follows from delivering security as a service for the IoT edge layer instead of as an embedded implementation. Overall, we evaluated our proposed architecture based on the IoT service management score. The proposed architecture obtained 84.7 out of 100, which is the highest score among peer IoT edge layer security architectures.

    On the undetectability of payloads generated through automatic tools: A human‐oriented approach

    Nowadays, several tools have been proposed to support the operations performed during a security assessment process. In particular, it is common practice to rely on automated tools to carry out some phases of this process in an automatic or semi-automatic way. In this article, we focus on tools for the automatic generation of custom executable payloads. We then show how these tools can be transformed, through some human-oriented modifications to the generated payloads, into threats to a given asset's security. The danger of such threats lies in the fact that they may not be detected by common antivirus products (AVs). More precisely, in this article we show a general approach that makes a payload generated through automated tools run undetected by most AVs. In detail, we first analyze and explain most of the methods used by AVs to recognize malicious payloads and, for each of them, we outline the relative strengths and flaws, showing how these flaws could be exploited with a general approach to evade AV controls by performing simple human-oriented operations on the payloads. The testing activity we performed shows that our proposal is effective in evading virtually all the most popular AVs on the market. Therefore, low-skilled malicious users could easily use our approach.