IoT Botnet Detection Using System Call Graphs and One-Class CNN Classification
Hai-Viet Le1, Quoc-Dung Ngo2, Van-Hoang Le3
1Hai-Viet Le, Department of Information Technology and Information Security, People’s Security Academy, Hanoi, Vietnam.
2Quoc-Dung Ngo, Department of Information Technology, Posts and Telecommunications Institute of Technology, Hanoi, Vietnam.
3Van-Hoang Le, Graduate People’s Security Academy, Department of Information Technology and Information Security, People’s Security Academy, Hanoi, Vietnam
Manuscript received on 02 July 2019 | Revised Manuscript received on 06 July 2019 | Manuscript published on 30 August 2019 | PP: 937-942 | Volume-8 Issue-10, August 2019 | Retrieval Number: J90910881019/2019©BEIESP | DOI: 10.35940/ijitee.J9091.0881019
Open Access | Ethics and Policies | Cite | Mendeley | Indexing and Abstracting
© The Authors. Blue Eyes Intelligence Engineering and Sciences Publication (BEIESP). This is an open access article under the CC-BY-NC-ND license (http://creativecommons.org/licenses/by-nc-nd/4.0/)
Abstract: With the rapid development of IoT devices, security risks become clearer in smart houses with the emergence of more types of IoT Botnet. With the development of machine learning technology applied to dynamic analysis methods, the automatic detection of variations of IoT Botnet has many achievements. However, there are still some difficulties such as building Sandbox suitable for IoT Botnet with specific chip architectures, collecting full of malicious behavior, imbalance in dataset,… affecting the accuracy of the learning model. In this paper, the authors introduce method of detecting IoT Botnet through system call of executable file to address some difficulties mentioned above. We edit sandbox environment based on QEMU to collect more monitoring data and focus to system calls behavior of malware. By using the CNN network architecture combined with One-class classification and features extracted from the system call graph, the authors have built a IoT Botnet detection model with an accuracy of up to 97% and F-measure 98.33%.
Keywords: IoT Botnet; One-class CNN classification; System call graph.
Scope of the Article: Classification