A Robust Malware Threat Hunting System and Method based on Deep Neural Networks in IoT environments

物联网环境中基于深度神经网络的鲁棒恶意软件威胁追踪系统和方法

• 批准号: 571262-2022
• 负责人: Dehghantanha, Ali
• 金额: $ 1.46万
• 依托单位: University of Guelph
• 依托单位国家: 加拿大
• 项目类别: Idea to Innovation
• 财政年份: 2021
• 资助国家: 加拿大
• 起止时间: 2021-01-01 至 2022-12-31
• 项目状态: 已结题
• 来源: https://www.nserc-crsng.gc.ca/ase-oro/Details-Detailles_eng.asp?id=729115
• 关键词: Robust; Malware; Threat; Hunting; System

Today's industrial companies and even enterprises use IoT devices for automating theirprocesses. These devices are exposed to malware threats and this is a real challenge in theindustrial 4.0 era. Due to evolving malware threats, the targeted companies need to pay forsecurity patches for their malware threat hunting procedures. These patches only work withpreviously seen threats and are not reliable against novel ones, resulting in high false-positiverates. The proposed system can hunt IoT malware threats and can also generate adversarialpayloads from every given executable dataset to create a unique database of adversarialpayloads. With this unique method, the proposed system is also capable of preventing fakesamples from passing through malware threat hunting methods. The proposed system alsoincludes an adversarial payload prevention method to identify fakes (generated sample) that aimto bypass the hunting method. Based on our initial market validation and literature research wefound there is no equivalent mechanism in real-world Industrial Internet of Things (IIoT)environments. Therefore, the proposed method could help the IIoT in terms of saving time andoperational cost by automating the whole malware prevention, generation, and hunting process.

当今的工业公司甚至企业都使用物联网设备来实现流程自动化。这些设备面临恶意软件威胁，这是工业 4.0 时代的真正挑战。由于恶意软件威胁不断演变，目标公司需要为其恶意软件威胁搜寻程序支付安全补丁费用。这些补丁仅适用于以前见过的威胁，对于新威胁并不可靠，导致误报率很高。所提出的系统可以追捕物联网恶意软件威胁，还可以从每个给定的可执行数据集生成对抗性有效负载，以创建独特的对抗性有效负载数据库。通过这种独特的方法，所提出的系统还能够防止假样本通过恶意软件威胁狩猎方法。所提出的系统还包括一种对抗性有效负载预防方法，用于识别旨在绕过狩猎方法的假货（生成的样本）。根据我们最初的市场验证和文献研究，我们发现现实世界的工业物联网 (IIoT) 环境中没有等效机制。因此，所提出的方法可以通过自动化整个恶意软件预防、生成和狩猎过程来帮助工业物联网节省时间和运营成本。