Detection Method for Classifying Malicious Firmware

David Noever, Samantha E. Miller Noever
{"title":"Detection Method for Classifying Malicious Firmware","authors":"David Noever, Samantha E. Miller Noever","doi":"10.5121/ijnsa.2021.13601","DOIUrl":null,"url":null,"abstract":"A malicious firmware update may prove devastating to the embedded devices both that make up the Internet of Things (IoT) and that typically lack the same security verifications now applied to full operating systems. This work converts the binary headers of 40,000 firmware examples from bytes into 1024-pixel thumbnail images to train a deep neural network. The aim is to distinguish benign and malicious variants using modern deep learning methods without needing detailed functional or forensic analysis tools. One outcome of this image conversion enables contact with the vast machine learning literature already applied to handle digit recognition (MNIST). Another result indicates that greater than 90% accurate classifications prove possible using image-based convolutional neural networks (CNN) when combined with transfer learning methods. The envisioned CNN application would intercept firmware updates before their distribution to IoT networks and score their likelihood of containing malicious variants. To explain how the model makes classification decisions, the research applies traditional statistical methods such as both single and ensembles of decision trees with identifiable pixel or byte values that contribute the malicious or benign determination.","PeriodicalId":93303,"journal":{"name":"International journal of network security & its applications","volume":"47 10 1","pages":""},"PeriodicalIF":0.0000,"publicationDate":"2021-11-30","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"International journal of network security & its applications","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.5121/ijnsa.2021.13601","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
引用次数: 0

Abstract

A malicious firmware update may prove devastating to the embedded devices both that make up the Internet of Things (IoT) and that typically lack the same security verifications now applied to full operating systems. This work converts the binary headers of 40,000 firmware examples from bytes into 1024-pixel thumbnail images to train a deep neural network. The aim is to distinguish benign and malicious variants using modern deep learning methods without needing detailed functional or forensic analysis tools. One outcome of this image conversion enables contact with the vast machine learning literature already applied to handle digit recognition (MNIST). Another result indicates that greater than 90% accurate classifications prove possible using image-based convolutional neural networks (CNN) when combined with transfer learning methods. The envisioned CNN application would intercept firmware updates before their distribution to IoT networks and score their likelihood of containing malicious variants. To explain how the model makes classification decisions, the research applies traditional statistical methods such as both single and ensembles of decision trees with identifiable pixel or byte values that contribute the malicious or benign determination.
查看原文
分享 分享
微信好友 朋友圈 QQ好友 复制链接
本刊更多论文
恶意固件分类检测方法
恶意固件更新可能会对构成物联网(IoT)的嵌入式设备造成毁灭性破坏,这些设备通常缺乏与完整操作系统相同的安全验证。这项工作将40,000个固件示例的二进制头从字节转换为1024像素的缩略图,以训练深度神经网络。目的是使用现代深度学习方法区分良性和恶意变体,而不需要详细的功能或法医分析工具。这种图像转换的一个结果是能够与已经应用于处理数字识别(MNIST)的大量机器学习文献接触。另一个结果表明,使用基于图像的卷积神经网络(CNN)与迁移学习方法相结合,可以实现超过90%的准确率分类。设想中的CNN应用程序将在固件更新分发到物联网网络之前拦截固件更新,并对其包含恶意变体的可能性进行评分。为了解释模型如何进行分类决策,该研究应用了传统的统计方法,例如具有可识别的像素或字节值的决策树的单个和集合,这些决策树有助于恶意或良性的决定。
本文章由计算机程序翻译,如有差异,请以英文原文为准。
求助全文
约1分钟内获得全文 去求助
来源期刊
自引率
0.00%
发文量
0
期刊最新文献
Invertible Neural Network for Inference Pipeline Anomaly Detection SPDZ-Based Optimistic Fair Multi-Party Computation Detection Exploring the Effectiveness of VPN Architecture in Enhancing Network Security for Mobile Networks: An Investigation Study A NOVEL ALERT CORRELATION TECHNIQUE FOR FILTERING NETWORK ATTACKS Offline Signature Recognition via Convolutional Neural Network and Multiple Classifiers
×
引用
GB/T 7714-2015
复制
MLA
复制
APA
复制
导出至
BibTeX EndNote RefMan NoteFirst NoteExpress
×
×
提示
您的信息不完整,为了账户安全,请先补充。
现在去补充
×
提示
您因"违规操作"
具体请查看互助需知
我知道了
×
提示
现在去查看 取消
×
提示
确定
0
微信
客服QQ
Book学术公众号 扫码关注我们
反馈
×
意见反馈
请填写您的意见或建议
请填写您的手机或邮箱
已复制链接
已复制链接
快去分享给好友吧!
我知道了
×
扫码分享
扫码分享
Book学术官方微信
Book学术文献互助
Book学术文献互助群
群 号:481959085
Book学术
文献互助 智能选刊 最新文献 互助须知 联系我们:info@booksci.cn
Book学术提供免费学术资源搜索服务,方便国内外学者检索中英文文献。致力于提供最便捷和优质的服务体验。
Copyright © 2023 Book学术 All rights reserved.
ghs 京公网安备 11010802042870号 京ICP备2023020795号-1