Adversarial learning attacks on graph-based IoT malware detection systems

Ahmed Abusnaina; Aminollah Khormali; Hisham Alasmary; Jeman Park; Afsah Anwar; Aziz Mohaisen

doi:10.1109/ICDCS.2019.00130

Adversarial learning attacks on graph-based IoT malware detection systems

Ahmed Abusnaina, Aminollah Khormali, Hisham Alasmary, Jeman Park, Afsah Anwar, Aziz Mohaisen

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

79 Citations (Scopus)

Abstract

IoT malware detection using control flow graph (CFG)-based features and deep learning networks are widely explored. The main goal of this study is to investigate the robustness of such models against adversarial learning. We designed two approaches to craft adversarial IoT software: off-the-shelf methods and Graph Embedding and Augmentation (GEA) method. In the off-the-shelf adversarial learning attack methods, we examine eight different adversarial learning methods to force the model to misclassification. The GEA approach aims to preserve the functionality and practicality of the generated adversarial sample through a careful embedding of a benign sample to a malicious one. Intensive experiments are conducted to evaluate the performance of the proposed method, showing that off-the-shelf adversarial attack methods are able to achieve a misclassification rate of 100%. In addition, we observed that the GEA approach is able to misclassify all IoT malware samples as benign. The findings of this work highlight the essential need for more robust detection tools against adversarial learning, including features that are not easy to manipulate, unlike CFG-based features. The implications of the study are quite broad, since the approach challenged in this work is widely used for other applications using graphs.

Original language	English
Title of host publication	Proceedings - 2019 39th IEEE International Conference on Distributed Computing Systems, ICDCS 2019
Publisher	Institute of Electrical and Electronics Engineers Inc.
Pages	1296-1305
Number of pages	10
ISBN (Electronic)	9781728125190
DOIs	https://doi.org/10.1109/ICDCS.2019.00130
Publication status	Published - Jul 2019
Event	39th IEEE International Conference on Distributed Computing Systems, ICDCS 2019 - Richardson, United States Duration: 7 Jul 2019 → 9 Jul 2019

Publication series

Name	Proceedings - International Conference on Distributed Computing Systems
Volume	2019-July

Conference

Conference	39th IEEE International Conference on Distributed Computing Systems, ICDCS 2019
Country/Territory	United States
City	Richardson
Period	7/07/19 → 9/07/19

Bibliographical note

Publisher Copyright:
© 2019 IEEE.

Keywords

Adversarial Learning
Deep Learning
Graph Analysis
Internet of Things
Malware Detection

Access to Document

10.1109/ICDCS.2019.00130

Cite this

Abusnaina, A., Khormali, A., Alasmary, H., Park, J., Anwar, A., & Mohaisen, A. (2019). Adversarial learning attacks on graph-based IoT malware detection systems. In Proceedings - 2019 39th IEEE International Conference on Distributed Computing Systems, ICDCS 2019 (pp. 1296-1305). Article 8885251 (Proceedings - International Conference on Distributed Computing Systems; Vol. 2019-July). Institute of Electrical and Electronics Engineers Inc.. https://doi.org/10.1109/ICDCS.2019.00130

Abusnaina, Ahmed ; Khormali, Aminollah ; Alasmary, Hisham et al. / Adversarial learning attacks on graph-based IoT malware detection systems. Proceedings - 2019 39th IEEE International Conference on Distributed Computing Systems, ICDCS 2019. Institute of Electrical and Electronics Engineers Inc., 2019. pp. 1296-1305 (Proceedings - International Conference on Distributed Computing Systems).

@inproceedings{9a4d948b22a54052b9d555512ca52f91,

title = "Adversarial learning attacks on graph-based IoT malware detection systems",

abstract = "IoT malware detection using control flow graph (CFG)-based features and deep learning networks are widely explored. The main goal of this study is to investigate the robustness of such models against adversarial learning. We designed two approaches to craft adversarial IoT software: off-the-shelf methods and Graph Embedding and Augmentation (GEA) method. In the off-the-shelf adversarial learning attack methods, we examine eight different adversarial learning methods to force the model to misclassification. The GEA approach aims to preserve the functionality and practicality of the generated adversarial sample through a careful embedding of a benign sample to a malicious one. Intensive experiments are conducted to evaluate the performance of the proposed method, showing that off-the-shelf adversarial attack methods are able to achieve a misclassification rate of 100%. In addition, we observed that the GEA approach is able to misclassify all IoT malware samples as benign. The findings of this work highlight the essential need for more robust detection tools against adversarial learning, including features that are not easy to manipulate, unlike CFG-based features. The implications of the study are quite broad, since the approach challenged in this work is widely used for other applications using graphs.",

keywords = "Adversarial Learning, Deep Learning, Graph Analysis, Internet of Things, Malware Detection",

author = "Ahmed Abusnaina and Aminollah Khormali and Hisham Alasmary and Jeman Park and Afsah Anwar and Aziz Mohaisen",

note = "Publisher Copyright: {\textcopyright} 2019 IEEE.; 39th IEEE International Conference on Distributed Computing Systems, ICDCS 2019 ; Conference date: 07-07-2019 Through 09-07-2019",

year = "2019",

month = jul,

doi = "10.1109/ICDCS.2019.00130",

language = "English",

series = "Proceedings - International Conference on Distributed Computing Systems",

publisher = "Institute of Electrical and Electronics Engineers Inc.",

pages = "1296--1305",

booktitle = "Proceedings - 2019 39th IEEE International Conference on Distributed Computing Systems, ICDCS 2019",

address = "United States",

}

Abusnaina, A, Khormali, A, Alasmary, H, Park, J, Anwar, A & Mohaisen, A 2019, Adversarial learning attacks on graph-based IoT malware detection systems. in Proceedings - 2019 39th IEEE International Conference on Distributed Computing Systems, ICDCS 2019., 8885251, Proceedings - International Conference on Distributed Computing Systems, vol. 2019-July, Institute of Electrical and Electronics Engineers Inc., pp. 1296-1305, 39th IEEE International Conference on Distributed Computing Systems, ICDCS 2019, Richardson, United States, 7/07/19. https://doi.org/10.1109/ICDCS.2019.00130

Adversarial learning attacks on graph-based IoT malware detection systems. / Abusnaina, Ahmed; Khormali, Aminollah; Alasmary, Hisham et al.
Proceedings - 2019 39th IEEE International Conference on Distributed Computing Systems, ICDCS 2019. Institute of Electrical and Electronics Engineers Inc., 2019. p. 1296-1305 8885251 (Proceedings - International Conference on Distributed Computing Systems; Vol. 2019-July).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

TY - GEN

T1 - Adversarial learning attacks on graph-based IoT malware detection systems

AU - Abusnaina, Ahmed

AU - Khormali, Aminollah

AU - Alasmary, Hisham

AU - Park, Jeman

AU - Anwar, Afsah

AU - Mohaisen, Aziz

PY - 2019/7

Y1 - 2019/7

N2 - IoT malware detection using control flow graph (CFG)-based features and deep learning networks are widely explored. The main goal of this study is to investigate the robustness of such models against adversarial learning. We designed two approaches to craft adversarial IoT software: off-the-shelf methods and Graph Embedding and Augmentation (GEA) method. In the off-the-shelf adversarial learning attack methods, we examine eight different adversarial learning methods to force the model to misclassification. The GEA approach aims to preserve the functionality and practicality of the generated adversarial sample through a careful embedding of a benign sample to a malicious one. Intensive experiments are conducted to evaluate the performance of the proposed method, showing that off-the-shelf adversarial attack methods are able to achieve a misclassification rate of 100%. In addition, we observed that the GEA approach is able to misclassify all IoT malware samples as benign. The findings of this work highlight the essential need for more robust detection tools against adversarial learning, including features that are not easy to manipulate, unlike CFG-based features. The implications of the study are quite broad, since the approach challenged in this work is widely used for other applications using graphs.

AB - IoT malware detection using control flow graph (CFG)-based features and deep learning networks are widely explored. The main goal of this study is to investigate the robustness of such models against adversarial learning. We designed two approaches to craft adversarial IoT software: off-the-shelf methods and Graph Embedding and Augmentation (GEA) method. In the off-the-shelf adversarial learning attack methods, we examine eight different adversarial learning methods to force the model to misclassification. The GEA approach aims to preserve the functionality and practicality of the generated adversarial sample through a careful embedding of a benign sample to a malicious one. Intensive experiments are conducted to evaluate the performance of the proposed method, showing that off-the-shelf adversarial attack methods are able to achieve a misclassification rate of 100%. In addition, we observed that the GEA approach is able to misclassify all IoT malware samples as benign. The findings of this work highlight the essential need for more robust detection tools against adversarial learning, including features that are not easy to manipulate, unlike CFG-based features. The implications of the study are quite broad, since the approach challenged in this work is widely used for other applications using graphs.

KW - Adversarial Learning

KW - Deep Learning

KW - Graph Analysis

KW - Internet of Things

KW - Malware Detection

UR - http://www.scopus.com/inward/record.url?scp=85066750661&partnerID=8YFLogxK

U2 - 10.1109/ICDCS.2019.00130

DO - 10.1109/ICDCS.2019.00130

M3 - Conference contribution

AN - SCOPUS:85066750661

T3 - Proceedings - International Conference on Distributed Computing Systems

SP - 1296

EP - 1305

BT - Proceedings - 2019 39th IEEE International Conference on Distributed Computing Systems, ICDCS 2019

PB - Institute of Electrical and Electronics Engineers Inc.

T2 - 39th IEEE International Conference on Distributed Computing Systems, ICDCS 2019

Y2 - 7 July 2019 through 9 July 2019

ER -

Abusnaina A, Khormali A, Alasmary H, Park J, Anwar A, Mohaisen A. Adversarial learning attacks on graph-based IoT malware detection systems. In Proceedings - 2019 39th IEEE International Conference on Distributed Computing Systems, ICDCS 2019. Institute of Electrical and Electronics Engineers Inc. 2019. p. 1296-1305. 8885251. (Proceedings - International Conference on Distributed Computing Systems). doi: 10.1109/ICDCS.2019.00130

Adversarial learning attacks on graph-based IoT malware detection systems

Abstract

Publication series

Conference

Bibliographical note

Keywords

Access to Document

Other files and links

Fingerprint

Cite this