EAI Endorsed Transactions on Security and Safety

Binary Code Similarity Detection through LSTM and Siamese Neural Network

2022-03-16T09:33:22+00:00

Given the fact that many software projects are closed-source, analyzing security-related vulnerabilities at the binary level is quintessential to protect computer systems from attacks of malware. Binary code similarity detection is a potential solution for detecting malware from the binaries generated by the processor. In this paper, we proposed a malware detection mechanism based on the binaries using machine learning techniques. Through utilizing the Recurrent Neural Network (RNN), more specifically Long Short-Term Memory (LSTM) network, we generate the uniformed feature embedding of each binary file and further take advantage of the Siamese Neural Network to compute the similarity measure of the extracted features. Therefore, the security risks of the software projects can be evaluated through the similarity measure of the corresponding binaries with existing trained malware. Our real-world experimental results demonstrate a convincing performance in distinguishing out the outliers, and achieved slightly better performance compared with existing state-of-the-art methods.

Leveraging attention-based deep neural networks for security vetting of Android applications

2022-03-16T09:55:07+00:00

Many traditional machine learning and deep learning algorithms work as a black box and lack interpretability. Attention-based mechanisms can be used to address the interpretability of such models by providing insights into the features that a model uses to make its decisions. Recent success of attention-based mechanisms in natural language processing motivates us to apply the idea for security vetting of Android apps. An Android app’s code contains API-calls that can provide clues regarding the malicious or benign nature of an app. By observing the pattern of the API-calls being invoked, we can interpret the predictions of a model trained to separate benign apps from malicious apps. In this paper, using the attention mechanism, we aim to find the API-calls that are predictive with respect to the maliciousness of Android apps. More specifically, we target to identify a set of API-calls that malicious apps exploit, which might help the community discover new signatures of malware. In our experiment, we work with two attention-based models: Bi-LSTM Attention and Self-Attention. Our classification models achieve high accuracy in malware detection. Using the attention weights, we also extract the top 200 API-calls (that reflect the malicious behavior of the apps) from each of these two models, and we observe that there is significant overlap between the top 200 API-calls identified by the two models. This result increases our confidence that the top 200 API-calls can be used to improve the interpretability of the models.

A Comprehensive Survey on Intrusion Detection based Machine Learning for IoT Networks

2022-03-16T09:16:14+00:00

The Internet of things (IoT) is a new ubiquitous technology that relies on heterogeneous devices and protocols. The IoT technologies are expected to offer a new level of connectivity thanks to its smart devices able to enhance everyday tasks and facilitate smart decisions based on sensed data. The IoT could collect sensitive data and should be able to face attacks and privacy issues. The IoT security issue is a hot topic of research and industrial concern. Indeed, threats against IoT devices and services could cause security breaches and data leakage. Aiming to identify attempts to abuse the IoT systems and mitigate malicious events, this paper studied the Intrusion Detection Systems (IDS) based on Machine Learning (ML) techniques. The ML approach could provide good tools to detect novel intrusion activities in a timely manner. This paper, therefore, highlighted the related issues to develop secured and efficient IoT services. It tried to allow a comprehensive review of IoT features and design. It mainly focused on intrusion detection based on the machine learning schema and built a taxonomy of different IoT attacks and threats. This paper also compared between the different intrusion detection techniques and established a taxonomy of machine leaning methods for intrusion detection solutions.

FedADMP: A Joint Anomaly Detection and Mobility Prediction Framework via Federated Learning

2022-03-16T08:49:03+00:00

With the proliferation of mobile devices and smart cameras, detecting anomalies and predicting their mobility are critical for enhancing safety in ubiquitous computing systems. Due to data privacy regulations and limited communication bandwidth, it is infeasible to collect, transmit, and store all data from mobile devices at a central location. To overcome this challenge, we propose FedADMP, a federated learning based joint Anomaly Detection and Mobility Prediction framework. FedADMP adaptively splits the training process between the server and clients to reduce computation loads on clients. To protect the privacy of user data, clients in FedADMP upload only intermediate model parameters to the cloud server. We also develop a differential privacy method to prevent the cloud server and external attackers from inferring private information during the model upload procedure. Extensive experiments using real-world datasets show that FedADMP consistently outperforms existing methods.

Device Authentication Codes based on RF Fingerprinting using Deep Learning

2022-03-16T10:17:21+00:00

In this paper, we propose Device Authentication Code (DAC), a novel method for authenticating IoT devices with wireless interface, by exploiting their radio frequency (RF) signatures. The proposed DAC is based on RF fingerprinting, an information-theoretic method, feature learning, and the discriminatory power of deep learning. Specifically, an autoencoder is used to automatically extract features from the RF traces and the reconstruction error is used as the DAC, and this DAC is unique to each individual device. Then Kolmogorov-Smirnov (K-S) test is used to match the distribution of the reconstruction error generated by the receiver and the DAC in the received message, and the result will determine whether the device of interest is an intruder. We validate this concept on two experimentally collected RF traces from six ZigBee devices and five universal software defined radio peripheral devices, respectively. The traces span a range of Signal-to-Noise Ratio by varying locations, mobility of the devices, channel interference, and noise to ensure robustness of the model. Experimental results demonstrate that DAC is able to prevent device impersonation by extracting salient features that are unique to each wireless device of interest and can be used to identify radio frequency devices. Furthermore, the proposed method does not need the RF traces of the intruder during model training to be able to identify devices not seen during training, which makes it practical.