Malware Detection for IoT Devices using Automatically Generated White List and Isolation Forest

Masataka Nakahara, Norihiro Okui, Yasuaki Kobayashi, Yutaka Miyake

Abstract

The number of cyber-attacks using IoT devices is increasing as the number of IoT devices grows. Because the number of malware infection routes is also increasing, it is necessary not only to prevent infection but also to take measures after infection. High-performance detection techniques are therefore required, but many existing technologies require large amounts of data and heavy processing, so there is a need for a system that can detect malware infection while reducing the processing load. To that end, we have proposed an architecture for detecting malware traffic using flow data of packets instead of whole packet information. We performed malware traffic detection on the proposed architecture using machine learning algorithms that focus on the behavior of IoT devices, and could detect malware with some degree of accuracy. In this paper, to improve the accuracy, we propose a hybrid system that combines machine learning with a white list automatically generated from the rules of Manufacturer Usage Description (MUD). The white list excludes benign packets from the targets of malware traffic detection, which can decrease the false positive rate. We evaluate the performance of the proposed method and show its effectiveness.



Paper Citation


in Harvard Style

Nakahara M., Okui N., Kobayashi Y. and Miyake Y. (2021). Malware Detection for IoT Devices using Automatically Generated White List and Isolation Forest. In Proceedings of the 6th International Conference on Internet of Things, Big Data and Security - Volume 1: IoTBDS, ISBN 978-989-758-504-3, pages 38-47. DOI: 10.5220/0010394900380047


in Bibtex Style

@conference{iotbds21,
author={Masataka Nakahara and Norihiro Okui and Yasuaki Kobayashi and Yutaka Miyake},
title={Malware Detection for IoT Devices using Automatically Generated White List and Isolation Forest},
booktitle={Proceedings of the 6th International Conference on Internet of Things, Big Data and Security - Volume 1: IoTBDS,},
year={2021},
pages={38-47},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0010394900380047},
isbn={978-989-758-504-3},
}


in EndNote Style

TY - CONF

JO - Proceedings of the 6th International Conference on Internet of Things, Big Data and Security - Volume 1: IoTBDS,
TI - Malware Detection for IoT Devices using Automatically Generated White List and Isolation Forest
SN - 978-989-758-504-3
AU - Nakahara M.
AU - Okui N.
AU - Kobayashi Y.
AU - Miyake Y.
PY - 2021
SP - 38
EP - 47
DO - 10.5220/0010394900380047