Malware detection in SDN-enabled IoT environments
Abstract
Malicious programs remain one of the main challenges to the security of computer systems. The growth of the Internet of Things technological paradigm has raised several concerns about the security of Internet-connected devices, especially in industrial environments, where the compromise or malfunction of such devices can damage the physical environment and put human lives at risk. This work proposes a hybrid tool for detecting malicious artifacts in SDN-enabled IoT environments. The solution combines YARA rules and machine learning to classify malicious artifacts based on the analysis of network traffic. The implemented Random Forest algorithm achieved an accuracy of 99.33% on the test dataset. When evaluated against real malicious programs, the tool achieved a detection rate of 98.44% and an average processing time of 0.0217s.
Published
24/05/2024
How to Cite
SOUZA, Cristian H. M.; ARIMA, Carlos H. Detecção de malware em ambientes IoT habilitados por SDN. In: WORKSHOP DE PESQUISA EXPERIMENTAL DA INTERNET DO FUTURO (WPEIF), 15., 2024, Niterói/RJ. Anais [...]. Porto Alegre: Sociedade Brasileira de Computação, 2024. p. 15-22. ISSN 2595-2692. DOI: https://doi.org/10.5753/wpeif.2024.2594.