Comprehensive Analysis of IoT Malware Evasion Techniques
Malware detection in Internet of Things (IoT) devices is a great challenge, as these devices lack certain characteristics such as homogeneity and security. Malware is malicious software that harms a system: it can steal sensitive information, slow the system down, cause frequent hangs, and disrupt operations. The most common malware types are adware, computer viruses, spyware, trojans, worms, rootkits, keyloggers, botnets, and ransomware. Malware detection is critical for a system's security. Many security researchers have studied the IoT malware detection domain, and many studies have proposed static or dynamic analysis for IoT malware detection. This paper presents a survey of IoT malware evasion techniques, reviewing and discussing various research works. Malware uses a few common evasion techniques such as user interaction, environmental awareness, stegosploit, domain and IP identification, code obfuscation, code encryption, timing, and code compression. A comparative analysis was conducted, pointing out various advantages and disadvantages. This study provides guidelines on IoT malware evasion techniques.
Keywords: IoT, malware, evasion techniques, challenges, security
Copyright (c) 2021 A. Al-Marghilani
This work is licensed under a Creative Commons Attribution 4.0 International License.
Authors who publish with this journal agree to the following terms:
- Authors retain the copyright and grant the journal the right of first publication with the work simultaneously licensed under a Creative Commons Attribution License that allows others to share the work with an acknowledgement of the work's authorship and initial publication in this journal.
- Authors are able to enter into separate, additional contractual arrangements for the non-exclusive distribution of the journal's published version of the work (e.g., post it to an institutional repository or publish it in a book), with an acknowledgement of its initial publication in this journal.
- Authors are permitted and encouraged to post their work online (e.g., in institutional repositories or on their website) after its publication in ETASR with an acknowledgement of its initial publication in this journal.