TY - GEN
T1 - Systematically Evaluating the Robustness of ML-based IoT Malware Detection Systems
AU - Abusnaina, Ahmed
AU - Anwar, Afsah
AU - Alshamrani, Sultan
AU - Alabduljabbar, Abdulrahman
AU - Jang, Rhong Ho
AU - Nyang, Dae Hun
AU - Mohaisen, David
N1 - Publisher Copyright:
© 2022 ACM.
PY - 2022/10/26
Y1 - 2022/10/26
N2 - The rapid growth of the Internet of Things (IoT) devices is paralleled by them being on the front-line of malicious attacks. This has led to an explosion in the number of IoT malware, with continued mutations, evolution, and sophistication. Malware samples are detected using machine learning (ML) algorithms alongside the traditional signature-based methods. Although ML-based detectors improve the detection performance, they are susceptible to malware evolution and sophistication, making them limited to the patterns that they have been trained upon. This continuous trend motivates large body of literature on malware analysis and detection research, with many systems emerging constantly, outperforming their predecessors. In this paper, we systematically examine the state-of-the-art malware detection approaches, that utilize various representation and learning techniques, under a range of adversarial settings. Our analyses highlight the instability of the proposed detectors in learning patterns that distinguish the benign from the malicious software. The results exhibit that software mutations with functionality-preserving operations, such as stripping and padding, significantly deteriorate the accuracy of such detectors. Additionally, our analysis of the industry-standard malware detectors shows their instability to the malware mutations. Through extensive experiments, we highlight the gap between the capabilities of the adversary and that of the existing malware detectors. The evaluations and analyses show that the optimal malware detection system is nowhere near and calls for the community to streamline their efforts towards testing the robustness of malware detectors to different manipulation techniques.
AB - The rapid growth of the Internet of Things (IoT) devices is paralleled by them being on the front-line of malicious attacks. This has led to an explosion in the number of IoT malware, with continued mutations, evolution, and sophistication. Malware samples are detected using machine learning (ML) algorithms alongside the traditional signature-based methods. Although ML-based detectors improve the detection performance, they are susceptible to malware evolution and sophistication, making them limited to the patterns that they have been trained upon. This continuous trend motivates large body of literature on malware analysis and detection research, with many systems emerging constantly, outperforming their predecessors. In this paper, we systematically examine the state-of-the-art malware detection approaches, that utilize various representation and learning techniques, under a range of adversarial settings. Our analyses highlight the instability of the proposed detectors in learning patterns that distinguish the benign from the malicious software. The results exhibit that software mutations with functionality-preserving operations, such as stripping and padding, significantly deteriorate the accuracy of such detectors. Additionally, our analysis of the industry-standard malware detectors shows their instability to the malware mutations. Through extensive experiments, we highlight the gap between the capabilities of the adversary and that of the existing malware detectors. The evaluations and analyses show that the optimal malware detection system is nowhere near and calls for the community to streamline their efforts towards testing the robustness of malware detectors to different manipulation techniques.
KW - Adversarial Machine Learning
KW - Robust Malware Detection
UR - http://www.scopus.com/inward/record.url?scp=85142502223&partnerID=8YFLogxK
U2 - 10.1145/3545948.3545960
DO - 10.1145/3545948.3545960
M3 - Conference contribution
AN - SCOPUS:85142502223
T3 - ACM International Conference Proceeding Series
SP - 308
EP - 320
BT - Proceedings of 25th International Symposium on Research in Attacks, Intrusions and Defenses, RAID 2022
PB - Association for Computing Machinery
T2 - 25th International Symposium on Research in Attacks, Intrusions and Defenses, RAID 2022
Y2 - 26 October 2022 through 28 October 2022
ER -
