| Presentation | 2020-11-26 Malware detection for IoT devices using whitelist and Isolation Forest Masataka Nakahara, Norihiro Okui, Yasuaki Kobayashi, Yutaka Miyake, |
|---|---|
| PDF Download Page |  PDF download Page Link |
| Abstract(in Japanese) | (See Japanese page) |
| Abstract(in English) | As the number of IoT (Internet of Things) devices increases, the countermeasures against cyberattacks related to IoT devices become more important. Although methods to prevent malware infection to IoT devices are important, such prevention becomes difficult due to sophisticated infection steps and lack of computational resource for security software in IoT devices. Therefore, detecting malware infection of devices is also important to suppress malware spread. As the types of IoT devices and malwares are increasing, advanced anomaly detection method like machine learning is required to find malware infected devices. Because IoT devices cannot analyze own behavior by using machine learning due to limited computing resources, such analysis should be executed at gateway devices to the Internet. So we have proposed an architecture for detecting malware behavior using flow data of packets instead of whole packet information. As this proposal only uses flow information of each IoT device, it can reduce the storage space taken up by data and can analyze number of IoT devices with low computational resources. We performed the malware traffic detection on proposed architecture by using machine learning algorithms, but there were a lot of false positive detection. Therefore, in this paper, we propose hybrid system using machine learning and white list automatically generated from the packet of devices. The white list eliminated benign packets from the target of malware traffic detection, and it can decrease the false positive rate. We evaluate the performance of proposed method and show the efficiency. |
| Keyword(in Japanese) | (See Japanese page) |
| Keyword(in English) | IoT / anomaly detection / machine learning / white list |
| Paper # | ICSS2020-20 |
| Date of Issue | 2020-11-19 (ICSS) |
| Conference Information | |
| Committee | ICSS |
|---|---|
| Conference Date | 2020/11/26(2days) |
| Place (in Japanese) | (See Japanese page) |
| Place (in English) | Online |
| Topics (in Japanese) | (See Japanese page) |
| Topics (in English) | Security, etc. |
| Chair | Hiroki Takakura(NII) |
| Vice Chair | Katsunari Yoshioka(Yokohama National Univ.) / Kazunori Kamiya(NTT) |
| Secretary | Katsunari Yoshioka(NICT) / Kazunori Kamiya(KDDI labs.) |
| Assistant | Keisuke Kito(Mitsubishi Electric) / Toshihiro Yamauchi(Okayama Univ.) |
| Paper Information | |
| Registration To | Technical Committee on Information and Communication System Security |
|---|---|
| Language | JPN |
| Title (in Japanese) | (See Japanese page) |
| Sub Title (in Japanese) | (See Japanese page) |
| Title (in English) | Malware detection for IoT devices using whitelist and Isolation Forest |
| Sub Title (in English) | |
| Keyword(1) | IoT |
| Keyword(2) | anomaly detection |
| Keyword(3) | machine learning |
| Keyword(4) | white list |
| 1st Author's Name | Masataka Nakahara |
| 1st Author's Affiliation | KDDI Research, Inc.(KDDI Research) |
| 2nd Author's Name | Norihiro Okui |
| 2nd Author's Affiliation | KDDI Research, Inc.(KDDI Research) |
| 3rd Author's Name | Yasuaki Kobayashi |
| 3rd Author's Affiliation | KDDI Research, Inc.(KDDI Research) |
| 4th Author's Name | Yutaka Miyake |
| 4th Author's Affiliation | KDDI Research, Inc.(KDDI Research) |
| Date | 2020-11-26 |
| Paper # | ICSS2020-20 |
| Volume (vol) | vol.120 |
| Number (no) | ICSS-264 |
| Page | pp.pp.7-12(ICSS), |
| #Pages | 6 |
| Date of Issue | 2020-11-19 (ICSS) |