Research And Design Of Malware Detection Of Terminal Devices In IoT Networks

Posted on: 2022-06-10 | Degree: Master | Type: Thesis
Country: China | Candidate: T C Huo
GTID: 2518306605490074 | Subject: Master of Engineering
Abstract/Summary:
With the rapid development of Internet of Things (IoT) technology, the number of IoT devices has increased year by year, and these devices are becoming increasingly diverse, intelligent, and large in scale. IoT devices are widely used in industries such as smart cars, smart cities, smart buildings, smart homes, and smart grids. Compared with PCs, and because of cost constraints, most IoT devices run relatively simple operating systems that lack higher-level functions, and they have many software and hardware vulnerabilities that are not repaired in time or cannot be repaired because of resource constraints. At present, criminals have designed malicious software specifically for IoT devices. For example, the Mirai virus uses vulnerabilities to attack a large number of IoT devices. In addition, traditional malware detection systems consume a lot of resources and are not suitable for resource-constrained IoT terminal devices. Therefore, there is an urgent need to design a malware detection system for IoT terminal devices.

In this thesis, a malware detection system using hardware performance counters is designed for Linux systems on the ARM platform, and the detection performance of the system is verified. To address the problem that interference from processes other than the software under detection is not eliminated during hardware feature collection, the feature collection is optimized based on the perf_event_open system call: data from those other processes is filtered out, and sampling error is reduced by comparing multiple samplings. The architecture of the system is divided into a hardware support layer, a feature collection layer, a detection computing layer and a user interaction layer. The system is mainly composed of an offline processing module, an online operation module and a visual management platform. The offline processing module includes four sub-modules: preprocessing, feature collection, feature selection, and classification algorithm training. The online detection module includes three sub-modules: key feature collection, classification detection, and threat response. The visualization management platform includes five sub-modules: configuration module, threat analysis module, visualization module, control module and system database. These modules work together to achieve real-time detection of device status and visual management tasks.

Based on the outline design and detailed design, a malware detection system using hardware performance counters was developed in Python and C, and hardware performance counter data was captured on a Raspberry Pi 3B+ (ARM) for experimental verification. This thesis collected 2,564 malware samples and 205 benign software samples, and set up a comparison experiment with two groups of sampling periods, 10 ms and 1 ms. Four events, CACHE_L1I, BRANCH_MISSES, BRANCH_INSTRUCTIONS and BRANCH-LOAD-MISSES, were selected as key feature events through related attribute analysis and principal component analysis. The verification results show that the recall rate, precision, F1 score and AUC independently verified on the J48 algorithm model using these four key events are all higher than those of the HMD detector, showing that the designed malware detection system using hardware performance counters can achieve its design goals.
Keywords/Search Tags:Malware detection, Internet of things, Device security, Hardware performance counters
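
The per-process counter collection that the abstract describes, as an added example in C (not code from the thesis). The `hpc_*` names, the mapping of the four key events onto generic perf events, and the choice to exclude kernel-mode counts are assumptions.

```c
#define _GNU_SOURCE
#include <linux/perf_event.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/ioctl.h>
#include <sys/syscall.h>
#include <unistd.h>

#define CACHE_RD(id, res) ((id) | (PERF_COUNT_HW_CACHE_OP_READ << 8) | ((res) << 16))
struct hpc_event { const char *name; uint32_t type; uint64_t config; };
/* Assumed mapping of the four key events (cache config = id | op << 8 | result << 16). */
static const struct hpc_event KEY_EVENTS[4] = {
    {"CACHE_L1I", PERF_TYPE_HW_CACHE, CACHE_RD(PERF_COUNT_HW_CACHE_L1I, PERF_COUNT_HW_CACHE_RESULT_ACCESS)},
    {"BRANCH_MISSES", PERF_TYPE_HARDWARE, PERF_COUNT_HW_BRANCH_MISSES},
    {"BRANCH_INSTRUCTIONS", PERF_TYPE_HARDWARE, PERF_COUNT_HW_BRANCH_INSTRUCTIONS},
    {"BRANCH-LOAD-MISSES", PERF_TYPE_HW_CACHE, CACHE_RD(PERF_COUNT_HW_CACHE_BPU, PERF_COUNT_HW_CACHE_RESULT_MISS)},
};

/* Counting-mode attr: starts disabled, follows children, skips kernel/hypervisor work. */
struct perf_event_attr hpc_attr(const struct hpc_event *ev) {
    struct perf_event_attr a = {0};
    a.size = sizeof a; a.type = ev->type; a.config = ev->config;
    a.disabled = 1; a.inherit = 1; a.exclude_kernel = 1; a.exclude_hv = 1;
    return a;
}
/* Attach to one pid on any CPU; pid 0 (self) and -1 (system-wide) are refused,
   so no other process can contribute to the counts. */
int hpc_open(pid_t pid, const struct hpc_event *ev) {
    struct perf_event_attr a = hpc_attr(ev);
    return pid <= 0 ? -1 : (int)syscall(SYS_perf_event_open, &a, pid, -1, -1, 0UL);
}

/* Count every opened event over one window of period_us microseconds. */
int hpc_sample(const int *fds, int n, unsigned period_us, uint64_t *counts) {
    for (int i = 0; i < n; i++) ioctl(fds[i], PERF_EVENT_IOC_RESET, 0);
    for (int i = 0; i < n; i++) ioctl(fds[i], PERF_EVENT_IOC_ENABLE, 0);
    usleep(period_us);
    for (int i = 0; i < n; i++) ioctl(fds[i], PERF_EVENT_IOC_DISABLE, 0);
    for (int i = 0; i < n; i++)
        if (read(fds[i], &counts[i], sizeof counts[i]) != (ssize_t)sizeof counts[i]) return -1;
    return 0;
}

int main(int argc, char **argv) {  /* usage: ./hpc <pid> [period_us]; 10000 = 10 ms */
    int fds[4]; uint64_t c[4] = {0};
    for (int i = 0; i < 4; i++) fds[i] = hpc_open(argc > 1 ? atoi(argv[1]) : 0, &KEY_EVENTS[i]);
    if (hpc_sample(fds, 4, argc > 2 ? (unsigned)atoi(argv[2]) : 10000, c)) return 1;
    for (int i = 0; i < 4; i++) printf("%s=%llu\n", KEY_EVENTS[i].name, (unsigned long long)c[i]);
    return 0;
}
```

Attaching to a process owned by another user requires sufficient privilege (root, or a permissive `perf_event_paranoid` setting), and an event that the CPU's PMU does not implement makes `hpc_open` return -1.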