Authors:
Masataka Nakahara; Norihiro Okui; Yasuaki Kobayashi and Yutaka Miyake
Affiliation:
KDDI Research, Inc., 2–1–15, Ohara, Fujimino-shi, Saitama, Japan
Keyword(s):
IoT Security, Malware, Anomaly Detection, Machine Learning, White List.
Abstract:
The number of cyber-attacks using IoT devices is increasing with the growth of IoT devices. Since the number of malware infection routes is also increasing, it is necessary not only to prevent infection but also to take measures after infection. High-performance detection techniques are therefore required, but many existing technologies need large amounts of data and heavy processing, so a system that can detect malware infection while reducing the processing load is needed. To this end, we previously proposed an architecture for detecting malware traffic from flow data of packets instead of whole packet information. We performed malware traffic detection on the proposed architecture using machine learning algorithms that focus on the behavior of IoT devices, and could detect malware with some degree of accuracy. In this paper, in order to improve the accuracy, we propose a hybrid system combining machine learning with a white list generated automatically from the rules of a Manufacturer Usage Description (MUD). The white list removes benign packets from the target of malware traffic detection, which decreases the false positive rate. We evaluate the performance of the proposed method and show its effectiveness.
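To make the white-list stage concrete, the following is an added example (not code from the paper or from KDDI Research) that builds a per-device allow list from a MUD file in the RFC 8520 layout and uses it to drop matching flows before anything reaches the classifier. The MUD file, the DNS answers and the flow records are constructed; the `Rule` and `Flow` shapes and the `build_whitelist`, `is_whitelisted` and `filter_flows` functions are assumptions about how such a list could be represented, not the paper's own format.

```python
import json
from dataclasses import dataclass
from typing import Dict, List, Optional
# Constructed MUD file in the RFC 8520 layout (not a real vendor's file).
MUD_JSON = r'''{
  "ietf-mud:mud": {
    "mud-version": 1, "mud-url": "https://mud.example.com/camera.json",
    "from-device-policy": {"access-lists": {"access-list": [{"name": "from-cam"}]}},
    "to-device-policy":   {"access-lists": {"access-list": [{"name": "to-cam"}]}}
  },
  "ietf-access-control-list:acls": {"acl": [
    {"name": "from-cam", "type": "ipv4-acl-type", "aces": {"ace": [
      {"name": "cloud-https",
       "matches": {"ipv4": {"ietf-acldns:dst-dnsname": "cloud.example.com", "protocol": 6},
                   "tcp": {"destination-port": {"operator": "eq", "port": 443}}},
       "actions": {"forwarding": "accept"}},
      {"name": "ntp",
       "matches": {"ipv4": {"ietf-acldns:dst-dnsname": "ntp.example.com", "protocol": 17},
                   "udp": {"destination-port": {"operator": "eq", "port": 123}}},
       "actions": {"forwarding": "accept"}}]}},
    {"name": "to-cam", "type": "ipv4-acl-type", "aces": {"ace": [
      {"name": "cloud-https-reply",
       "matches": {"ipv4": {"ietf-acldns:src-dnsname": "cloud.example.com", "protocol": 6},
                   "tcp": {"source-port": {"operator": "eq", "port": 443}}},
       "actions": {"forwarding": "accept"}}]}}
  ]}
}'''
# Assumed DNS answers; a deployment resolves the names when it fetches the file.
DNS = {"cloud.example.com": "203.0.113.10", "ntp.example.com": "203.0.113.20"}

@dataclass(frozen=True)
class Rule:
    direction: str            # "from-device" or "to-device"
    proto: int                # IP protocol number (6 = TCP, 17 = UDP)
    peer_ip: str              # resolved address of the permitted remote host
    peer_port: Optional[int]  # port on the remote host; None means any port

@dataclass(frozen=True)
class Flow:                   # assumed flow-record shape: the device and its peer
    device_ip: str
    peer_ip: str
    proto: int
    peer_port: int
    direction: str            # traffic direction: "from-device" or "to-device"

def _eq_port(l4: dict, key: str) -> Optional[int]:
    spec = l4.get(key)
    if spec is not None and spec.get("operator", "eq") != "eq":
        raise ValueError("only 'eq' port matches are handled in this example")
    return None if spec is None else int(spec["port"])

def build_whitelist(mud: dict, dns: Dict[str, str]) -> List[Rule]:
    """Turn every 'accept' ACE referenced by the MUD policies into a Rule."""
    top = mud["ietf-mud:mud"]
    acls = {a["name"]: a for a in mud["ietf-access-control-list:acls"]["acl"]}
    rules: List[Rule] = []
    for policy, direction in (("from-device-policy", "from-device"),
                              ("to-device-policy", "to-device")):
        for ref in top[policy]["access-lists"]["access-list"]:
            for ace in acls[ref["name"]]["aces"]["ace"]:
                if ace["actions"].get("forwarding") != "accept":
                    continue              # only accepted traffic counts as benign
                m = ace["matches"]
                ip = m.get("ipv4") or m.get("ipv6") or {}
                # The remote host is the destination of from-device traffic and
                # the source of to-device traffic; the same holds for the port.
                outbound = direction == "from-device"
                name = ip.get("ietf-acldns:dst-dnsname" if outbound
                              else "ietf-acldns:src-dnsname")
                if name is None:
                    raise ValueError(f"ACE {ace['name']} names no remote host")
                l4 = m.get("tcp") or m.get("udp") or {}
                port = _eq_port(l4, "destination-port" if outbound else "source-port")
                rules.append(Rule(direction, int(ip["protocol"]), dns[name], port))
    return rules

def is_whitelisted(flow: Flow, rules: List[Rule]) -> bool:
    return any(r.direction == flow.direction and r.proto == flow.proto
               and r.peer_ip == flow.peer_ip
               and r.peer_port in (None, flow.peer_port) for r in rules)

def filter_flows(flows: List[Flow], rules: List[Rule]) -> List[Flow]:
    # Drop white-listed flows; only what remains is handed to the ML detector.
    return [f for f in flows if not is_whitelisted(f, rules)]

CAM = "192.168.1.50"
FLOWS = [  # constructed flow records for the camera
    Flow(CAM, "203.0.113.10", 6, 443, "from-device"),   # upload to cloud: benign
    Flow(CAM, "203.0.113.20", 17, 123, "from-device"),  # NTP sync: benign
    Flow(CAM, "203.0.113.10", 6, 443, "to-device"),     # cloud reply: benign
    Flow(CAM, "198.51.100.7", 6, 23, "from-device"),    # telnet to unknown host
    Flow(CAM, "203.0.113.10", 6, 8080, "from-device"),  # known host, port not in MUD
]
RULES = build_whitelist(json.loads(MUD_JSON), DNS)
REMAINING = filter_flows(FLOWS, RULES)

if __name__ == "__main__":
    print(f"{len(RULES)} rules; {len(FLOWS) - len(REMAINING)}/{len(FLOWS)} flows "
          f"dropped; to classifier: {[(f.peer_ip, f.peer_port) for f in REMAINING]}")
```

Two caveats worth keeping in mind with this design: a flow the white list drops is never seen by the classifier, so an over-broad MUD entry (for instance a DNS name that resolves to a large shared hosting range) hides malicious traffic to that destination as well as benign traffic, and the name-to-address resolution has to be refreshed whenever the MUD file's cache validity expires, or flows to a legitimately re-addressed server will start reaching the detector and raising exactly the false positives the list was meant to remove.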