Contribution Details

Type Bachelor's Thesis
Scope Discipline-based scholarship
Title Creation of a Dataset Modeling the System Calls of Spectrum Sensors Affected by Malware
Organization Unit
Authors
  • Ramon Solo de Zaldivar
Supervisors
  • Alberto Huertas Celdran
  • Jan Von der Assen
  • Burkhard Stiller
Language
  • English
Institution University of Zurich
Faculty Faculty of Business, Economics and Informatics
Date 2022
Abstract Text The growing usage of IoT devices brings with it multiple new use cases. From healthcare and location tracking to process automation and crowdsensing, IoT devices are being used more than ever. In parallel, there has been a growing cybersecurity concern, as IoT devices are becoming a desirable target for cyber attackers. IoT devices, depending on their purpose, can have access to large amounts of data, which makes them an attractive target for cyber criminals. To compound this issue, these devices are poorly secured and, as they are inherently resource constrained, cannot support conventional cybersecurity software. IoT devices have been the targets of different kinds of malware, from botnets and backdoors to rootkits, ransomware and others. A feasible way to address these cybersecurity concerns and prevent these targeted malware attacks from happening is with the help of Intrusion Detection Systems (IDSs). Nevertheless, traditional IDSs are powerless when it comes to detecting new unknown malware attacks, otherwise known as zero-day attacks. For this reason, new research is relying heavily on IDSs whose decision engines are based on Machine Learning (ML) and Deep Learning (DL). A key component that determines the efficacy of these IDSs is a quality dataset, containing the behavior of a device under normal conditions and also its behavior when it has been compromised by novel malware, with which the ML or DL based IDS can be trained. An ML or DL based IDS with a quality dataset is then statistically better suited to detect novel malware. In spite of the importance of these datasets, quality datasets, especially ones modelling the internal behavior of IoT devices in a normal state and when under attack by zero-day attacks such as botnets, backdoors and others, are scarce.
In the wake of this limitation, this thesis aims to create a quality dataset that accurately represents the internal behavior of an IoT device, both when it is functioning normally and when it is under attack. In order to accomplish this, the system calls of the IoT device, which in this specific case is an ElectroSense sensor, are monitored under normal behavior, gathered, cleaned and stored in a centralized directory. Then, the device is infected with current malware affecting IoT devices, such as the bashlite botnet, thetick backdoor, bdvl rootkit and a ransomware proof of concept, and the monitoring process is repeated for each malware. The infections are sequential, meaning that the device is not infected with more than one malware at a time. Finally, the generated dataset contains normal and anomalous behavior classified by malware. It is then evaluated by statistically analyzing the sequences and frequencies of the system calls.