Toward Machine Intelligence that Learns to Fingerprint Polymorphic Worms in IoT

Abstract

Internet of Things (IoT) is fast growing. Non-PC devices under the umbrella of IoT have been increasingly applied in various fields and will soon account for a significant share of total Internet traffic. However, the security and privacy of IoT and its devices have been challenged by malware, particularly polymorphic worms that rapidly self-propagate once being launched and vary their appearance over each infection to escape from the detection of signature-based intrusion detection systems. It is well recognized that polymorphic worms are one of the most intrusive threats to IoT security. To build an effective, strong defense for IoT networks against polymorphic worms, this research proposes a machine intelligent system, termed Gram-Restricted Boltzmann Machine (Gram-RBM), which automatically generates generic fingerprints/signatures for the polymorphic worm. Two augmented N-gram based methods are designed and applied in derivation of polymorphic worm
sequences, also known as fingerprints/signatures. These derived sequences are then optimized using the Gaussian-Bernoulli RBM dimension reduction algorithm. The results, gained from the experiments involved three different types of polymorphic
worms, show that the system generates accurate fingerprints/signatures even under "noisy" conditions and outperforms related methods in terms of accuracy and efficiency.