Evaluation of an Anomaly Detector for Routers Using Parameterizable Malware in an IoT Ecosystem
Conference proceeding   Open access   Peer reviewed

John Carter and Spiros Mancoridis
UBIQUITOUS SECURITY, v 1557
01 Jan 2022
URL: http://arxiv.org/abs/2111.00097

Abstract

Computer Science; Computer Science, Information Systems; Computer Science, Theory & Methods; Science & Technology; Technology
This work explores the evaluation of a machine learning anomaly detector using custom-made parameterizable malware in an Internet of Things (IoT) Ecosystem. It is assumed that the malware has infected, and resides on, the Linux router that serves other devices on the network, as depicted in Fig. 1. This IoT Ecosystem was developed as a testbed to evaluate the efficacy of a behavior-based anomaly detector. The malware consists of three types of custom-made malware: ransomware, cryptominer, and keylogger, which all have exfiltration capabilities to the network. The parameterization of the malware gives the malware samples multiple degrees of freedom, specifically relating to the rate and size of data exfiltration. The anomaly detector uses feature sets crafted from system calls and network traffic, and uses a Support Vector Machine (SVM) for behavioral-based anomaly detection. The custom-made malware is used to evaluate the situations where the SVM is effective, as well as the situations where it is not effective.

Details

InCites Highlights

Data related to this publication, from InCites Benchmarking & Analytics tool:

Web of Science research areas
Computer Science, Information Systems
Computer Science, Theory & Methods