Book chapter
System Call Processing Using Lightweight NLP for IoT Behavioral Malware Detection
Ubiquitous Security
16 Feb 2023
Abstract
Although much of the work in behaviorally detecting malware lies in collecting the most explanatory data and using the most effective machine learning models, the processing of the data can sometimes prove to be the most important step in the data pipeline. In this work, we collect kernel-level system calls on a resource-constrained Internet of Things (IoT) device, apply lightweight Natural Language Processing (NLP) techniques to the data, and feed this processed data to two simple machine learning classification models: Logistic Regression (LR) and a Neural Network (NN). For the data processing, we group the system calls into n-grams ordered by the timestamp at which they are recorded. To demonstrate the effectiveness, or lack thereof, of using n-grams, we deploy two types of malware onto the IoT device: a Denial-of-Service (DoS) attack and an Advanced Persistent Threat (APT) malware. We examine the effects of using lightweight NLP on both the DoS malware and the stealthy APT malware. For stealthier malware such as the APT, using more advanced, but far more resource-intensive, NLP techniques will likely increase detection capability; exploring those techniques is left for future work.
Metrics
2 citations in Scopus
Details
- Title
- System Call Processing Using Lightweight NLP for IoT Behavioral Malware Detection
- Creators
- John Carter; Spiros Mancoridis; Malvin Nkomo; Steven Weber; Kapil R. Dandekar
- Publication Details
- Ubiquitous Security
- Series
- Communications in Computer and Information Science
- Publisher
- Springer Nature Singapore; Singapore
- Resource Type
- Book chapter
- Language
- English
- Academic Unit
- Electrical and Computer Engineering; Computer Science
- Scopus ID
- 2-s2.0-85151051070
- Other Identifier
- 991020080054404721