TY - JOUR
T1 - SETTI
T2 - a self-supervised AdvErsarial malware DeTection ArchiTecture in an IoT environment
AU - Taheri, Rahim
AU - Pooranian, Zahra
AU - Shojafar, Mohammad
AU - Xiao, Pei
N1 - Publisher Copyright:
© 2022 Association for Computing Machinery.
PY - 2022/10/6
Y1 - 2022/10/6
N2 - In recent years, malware detection has become an active research topic in the area of Internet of Things (IoT) security. The principle is to exploit knowledge from large quantities of continuously generated malware. Existing algorithms practise available malware features for IoT devices and lack real-time prediction behaviours. More research is thus required on malware detection to cope with real-time misclassification of the input IoT data. Motivated by this, in this article, we propose an adversarial self-supervised architecture for detecting malware in IoT networks, SETTI, considering samples of IoT network traffic that may not be labeled. In the SETTI architecture, we design three self-supervised attack techniques, namely, Self-MDS, GSelf-MDS, and ASelf-MDS. The Self-MDS method considers the IoT input data and the adversarial sample generation in real-time. The GSelf-MDS builds a generative adversarial network model to generate adversarial samples in the self-supervised structure. Finally, ASelf-MDS utilises three well-known perturbation sample techniques to develop adversarial malware and inject it over the self-supervised architecture. Also, we apply a defence method to mitigate these attacks, namely, adversarial self-supervised training, to protect the malware detection architecture against injecting the malicious samples. To validate the attack and defence algorithms, we conduct experiments on two recent IoT datasets: IoT23 and NBIoT. Comparison of the results shows that in the IoT23 dataset, the Self-MDS method has the most damaging consequences from the attacker's point of view by reducing the accuracy rate from 98% to 74%. In the NBIoT dataset, the ASelf-MDS method is the most devastating algorithm that can plunge the accuracy rate from 98% to 77%.
AB - In recent years, malware detection has become an active research topic in the area of Internet of Things (IoT) security. The principle is to exploit knowledge from large quantities of continuously generated malware. Existing algorithms practise available malware features for IoT devices and lack real-time prediction behaviours. More research is thus required on malware detection to cope with real-time misclassification of the input IoT data. Motivated by this, in this article, we propose an adversarial self-supervised architecture for detecting malware in IoT networks, SETTI, considering samples of IoT network traffic that may not be labeled. In the SETTI architecture, we design three self-supervised attack techniques, namely, Self-MDS, GSelf-MDS, and ASelf-MDS. The Self-MDS method considers the IoT input data and the adversarial sample generation in real-time. The GSelf-MDS builds a generative adversarial network model to generate adversarial samples in the self-supervised structure. Finally, ASelf-MDS utilises three well-known perturbation sample techniques to develop adversarial malware and inject it over the self-supervised architecture. Also, we apply a defence method to mitigate these attacks, namely, adversarial self-supervised training, to protect the malware detection architecture against injecting the malicious samples. To validate the attack and defence algorithms, we conduct experiments on two recent IoT datasets: IoT23 and NBIoT. Comparison of the results shows that in the IoT23 dataset, the Self-MDS method has the most damaging consequences from the attacker's point of view by reducing the accuracy rate from 98% to 74%. In the NBIoT dataset, the ASelf-MDS method is the most devastating algorithm that can plunge the accuracy rate from 98% to 77%.
KW - adversarial examples
KW - Internet of Things (IoT)
KW - Machine Learning (ML)
KW - malware detection
KW - robustness
KW - Self-Supervised Training (SSL)
UR - http://www.scopus.com/inward/record.url?scp=85142474764&partnerID=8YFLogxK
UR - https://kclpure.kcl.ac.uk/portal
U2 - 10.1145/3536425
DO - 10.1145/3536425
M3 - Article
AN - SCOPUS:85142474764
SN - 1551-6857
VL - 18
JO - ACM Transactions on Multimedia Computing, Communications and Applications
JF - ACM Transactions on Multimedia Computing, Communications and Applications
IS - 2
M1 - 122
ER -