Not logged in.
Quick Search - Contribution
|Title||Creation of a Dataset Modeling the Behavior of Malware Affecting the Confidentiality of Data Managed by IoT Devices|
|Institution||University of Zurich|
|Faculty||Faculty of Business, Economics and Informatics|
|Abstract Text||The increasing demand for IoT devices and services leads to an ever growing number of IoT concepts, platforms and networks, such as crowdsensing. IoT platforms are often vulnerable to cyber attacks due to their exposition to the internet and their resource constrained capabilities. Cyber attacks can be conducted by different malware families, being spyware and backdoors two of the most dangerous ones. The goal of backdoors and spyware is in many cases the data being stored on and handled by IoT devices. Since backdoor development is evolving, traditional detection solutions are often not able to detect zero-day attacks. Nowadays, the trend to address this challenge is to apply behavioral fingerprinting analysis in combination with machine and deep learning models. In order to apply machine and deep learning models eeffectively, datasets containing clean and infected device behavior are required. However, there are open challenges regarding existing datasets. In many cases, these datasets do not concern themselves with resource constrained devices. Also, many existing datasets are too old and do not focus on the internal behavior. Thus, the present thesis' main contribution is the creation of FabIoT, a dataset modeling the internal behavior of a resource-constrained device while being infected by backdoors as well as the normal behavior. The test device is part of a real-world IoT crowdsensing platform, ElectroSense. Three real-world backdoors exhibiting a wide variety of attack behaviors were used to conduct the attacks. The data collection process involves the design and implementation of a custom monitoring software to examine and record the internal device behavior. After performing statistical analysis on the collected data, we were able to detect differences between the normal behavior and the behavior under attack and therefore, illustrate the value that FabIoT provides. Finally, we make the dataset freely available for research purposes.|