| The exponential growth and complexity of malicious activities in the Internet of Things (IoT) have led to the development of new IoT malware detection technologies that can protect IoT devices from certain threats. Among these detection technologies, IoT malware detectors based on HTTP requests have become popular. These detectors are trained on features extracted from HTTP headers, including URLs extracted from HTTP headers, and have achieved good detection success rates. However, the machine learning models in these detectors are easily disturbed by the adversarial examples created by adversarial attacks. Adversarial attacks cause detectors to misjudge samples and lead to serious security problems. IoT malware detectors based on HTTP features generally use machine learning technology and are therefore vulnerable to adversarial attacks. A survey of the literature found that few studies have focused on the security issues of IoT malware detectors based on HTTP features. Therefore, it is urgently necessary to propose adversarial attack methods for these detectors in order to evaluate their robustness and to raise awareness of these issues among security personnel. To this end, we started our research on adversarial attacks against IoT malware detectors based on HTTP features. However, there are some problems with directly using adversarial attack methods from the image domain. The search space for adversarial examples in the image domain is continuous, while the search space for adversarial examples in the network domain is discrete. Adversarial examples in the image domain do not need to consider the functionality of the sample, while transforming malicious HTTP samples into adversarial examples requires that the original malicious functionality not be destroyed. In a network environment, using adversarial attacks to evaluate detectors generates a lot of traffic and occupies network resources. Security personnel therefore need to use adversarial attacks to comprehensively evaluate the robustness of the detector, and to increase the attack speed in order to reduce network occupation. Given this, we carried out the following research work: (1) To generate HTTP adversarial examples without destroying the original malicious function, this thesis proposes, for the first time, a gray-box adversarial attack method for IoT malware detectors based on HTTP features. This method adds perturbation to the real sample and completes the adversarial attack without destroying the malicious function carried by HTTP. (2) Since the method in (1) takes a long time to attack a model trained on high-dimensional features, a gray-box adversarial attack method based on the combination of deep space transformation and a genetic algorithm is proposed. This method uses the hypersphere center obtained after space transformation as the evolution direction. Compared with (1), it reduces the evolution direction, reduces the time consumed in generating adversarial examples, and thus reduces the occupation of network resources. (3) On the basis of (2), to further improve the attack success rate against IoT malware detectors based on HTTP features, and thereby improve the comprehensiveness of security personnel's evaluation of the detector, a gray-box adversarial attack method based on the combination of semi-supervised space transformation and a genetic algorithm is proposed. The method uses two types of samples, positive and negative, in the space transformation so that the positive samples are concentrated as much as possible in the vector space representation. This makes the evolution direction more reasonable and improves the attack success rate and the evaluation depth of the detector’s robustness. In summary, this thesis explores for the first time the problem of adversarial attacks against IoT malware detectors based on HTTP features and proposes a series of gray-box adversarial attack methods. |