Contribution Details

Type Master's Thesis
Scope Discipline-based scholarship
Title Novel Artificial Intelligence Techniques and System Calls to Detect Heterogeneous Malware Affecting IoT Spectrum Sensors
Organization Unit
Authors
  • Severin Kunz
Supervisors
  • Alberto Huertas Celdran
  • Jan Von der Assen
  • Burkhard Stiller
Language
  • English
Institution University of Zurich
Faculty Faculty of Business, Economics and Informatics
Date 2022
Abstract Text The spread of IoT devices yields new attack vectors for attackers. In addition, the connectivity of IoT devices increases the potential damage to IoT systems. Therefore, detecting malware on such systems is crucial to limit the damage. Some years ago, Machine Learning combined with behavioral fingerprinting, which takes information from the devices’ state, superseded file-based malware detection. This thesis concentrates on system call based malware detection and entails the following main contributions: Firstly, it extends malware detection by enabling the classification of specific attack phases of malware. Secondly, it evaluates the potential of Deep Learning models in the area of system call based attack phase detection in IoT devices and compares them with a Neural Network serving as a baseline model. Finally, the thesis assesses a TF-IDF based adapted preprocessing technique (TF-DF) for system calls, which seeks an enhanced representation of the most expressive system calls. For these purposes, a dataset consisting of system calls collected from a Raspberry Pi connected to a radio frequency network has been created. From the system calls of this dataset, eleven different attack phases stemming from four malware types (backdoor, botnet, ransomware, and rootkit) and one benign phase have been derived. The classification results of the Neural Network model have significantly outperformed the results of the implemented DL models. In combination with the proposed preprocessing technique TF-DF, an F1-score of 99.2% has been achieved when applying it to system call sequences of differing lengths. In a final step, the models have been evaluated on equal-length system call sequences, where TF-IDF outperformed TF-DF and yielded an F1-score of 78.42%.