ShellCore: Automating Malicious IoT Software Detection Using Shell Commands Representation
- Authors
- Alasmary H.; Anwar A.; Abusnaina A.; Alabduljabbar A.; Abuhamad M.; Wang A.; Nyang D.; Awad A.; Mohaisen D.
- Ewha Authors
- 양대헌
- SCOPUS Author ID
- 양대헌
- Issue Date
- 2022
- Journal Title
- IEEE Internet of Things Journal
- ISSN
- 2327-4662
- Citation
- IEEE Internet of Things Journal vol. 9, no. 4, pp. 2485 - 2496
- Keywords
- Internet of Things (IoT) security; Linux shell commands; machine learning; malware detection
- Publisher
- Institute of Electrical and Electronics Engineers Inc.
- Indexed
- SCIE; SCOPUS
- Document Type
- Article
- Abstract
- The Linux shell is a command-line interpreter that provides users with a command interface to the operating system, allowing them to perform various functions. Although very useful in building capabilities at the edge, the Linux shell can be exploited, giving adversaries a prime opportunity to use it for malicious activities. With access to Internet of Things (IoT) devices, malware authors can abuse the Linux shell of those devices to propagate infections and launch large-scale attacks, e.g., Distributed Denial of Service. In this work, we provide a first look at the tasks managed by shell commands in Linux-based IoT malware toward detection. We analyze malicious shell commands found in IoT malware and build a neural network-based model, ShellCore, to detect malicious shell commands. Namely, we collected a large data set of shell commands, including malicious commands extracted from 2891 IoT malware samples and benign commands collected from real-world network traffic analysis and volunteered data from Linux users. Using conventional machine and deep learning-based approaches trained with term- and character-level features, ShellCore is shown to achieve an accuracy of more than 99% in detecting malicious shell commands and files (i.e., binaries). © 2014 IEEE.
- DOI
- 10.1109/JIOT.2021.3086398
- Appears in Collections:
- College of Artificial Intelligence > Department of Cyber Security > Journal papers