Presentation is loading. Please wait.

Presentation is loading. Please wait.

MadeCR: Correlation-based Malware Detection for Cognitive Radio

Published byQuentin Blake Modified over 6 years ago

Similar presentations

Presentation on theme: "MadeCR: Correlation-based Malware Detection for Cognitive Radio"— Presentation transcript:

1 MadeCR: Correlation-based Malware Detection for Cognitive Radio
Yanzhi Dou, Kexiong (Curtis) Zeng, Yaling Yang, Danfeng (Daphne) Yao Department of Electrical and Computer Engineering Virginia Tech, USA

2 Overview Background Challenges & contributions
Attack model & security goal MadeCR design Artificial malware generation Prototype & evaluation Conclusion & future work

3 Background CR: An intelligent radio technology to boost spectrum utilization Challenging security and information assurance issues A traditional radio can only affect its own network CR can be exploited to launch large scale attacks More destructive than traditional radio system Security problems need to be addressed proactively

4 Background Existing proposals for CR security
Prevents downloading of malicious software Leverages ordinary personal computer protection measures Focuses on the networking aspect of CR security MadeCR: Enhance the security of CR device itself Anomaly detection techniques

5 Challenges & contributions
Unique challenges Complexity in countering data flow poison How to evaluate in the absence of real malwares? Contributions Involve feasible data flow analysis by employing clustering techniques Generate artificial CR malwares through mutation testing techniques Identify the critical vulnerable components to refine the detection system

6 Overview Background Challenges & contributions
Attack model & security goal MadeCR design Artificial malware generation Prototype & evaluation Conclusion & future work

7 MadeCR design

8 Argument Processor High level Continuous space -> discrete space

9 Argument Processor Step 1

10 Argument Processor Step 2

11 Anomaly Detector Recognize abnormal sequences Methods
Construct a database of normal behavior Calculate the deviation as the criterion Methods N-gram model Hidden Markov Model (HMM)

12 System refinement Observation Select security-critical function call
Many intercepted functions provide little contextual information e.g. Printing operation message on screen Tokens of thread scheduling in Python Operation fidelity of CR is determined by the integrity of its RF parameters Select security-critical function call Improve the detection accuracy and detection speed

13 Overview Background Challenges & contributions
Attack model & security goal MadeCR design Artificial malware generation Prototype & evaluation Conclusion & future work

14 Artificial malware generation
Motivation: Proactive defence -> no real malware Traditional IDS evaluation method not applicable Observation Malware is a special kind of mutant

15 Artificial malware generation
Method: Generate artificial malware by Mutation testing Six mutation operators Byte code level A wide range of malware-alike behaviors

16 Prototype & evaluation
A host computer with Intel Core i GHz * 8 and 8GB memory CR testbed

17 Prototype & evaluation
2 versions * 2 implementations N-gram, N-gram refined, HMM, HMM refined Focus on two metrics Detection accuracy Computational overhead

18 Prototype & evaluation
Accuracy

19 Prototype & evaluation
Computational overhead

20 Prototype & evaluation
Computational overhead 182.28 18.38 4.81 1.10

21 Conclusion & future work
MadeCR: First approach to detect malwares for CRNs Monitor both control flow and data flow Detect suppression attacks Generate artificial mutants for evaluation Propose refinement approach Future work: Monitor CR at multiple-layer Radio hardware, operating system, user application, and network

22 Overview Background Challenges & contributions
Attack model & security goal MadeCR design Artificial malware generation Prototype & evaluation Conclusion & future work

Download ppt "MadeCR: Correlation-based Malware Detection for Cognitive Radio"

Similar presentations

Full-System Timing-First Simulation Carl J. Mauer Mark D. Hill and David A. Wood Computer Sciences Department University of Wisconsin—Madison.

Full-System Timing-First Simulation Carl J. Mauer Mark D. Hill and David A. Wood Computer Sciences Department University of Wisconsin—Madison.
Enhancing Security Using Mobile Based Anomaly Detection in Cellular Mobile Networks Bo Sun, Fei Yu, KuiWu, Yang Xiao, and Victor C. M. Leung. Presented.

Enhancing Security Using Mobile Based Anomaly Detection in Cellular Mobile Networks Bo Sun, Fei Yu, KuiWu, Yang Xiao, and Victor C. M. Leung. Presented.
Estinet open flow network simulator and emulator. IEEE Communications Magazine 51.9 (2013): 110-117. Wang, Shie-Yuan, Chih-Liang Chou, and Chun-Ming Yang.

Estinet open flow network simulator and emulator. IEEE Communications Magazine 51.9 (2013): Wang, Shie-Yuan, Chih-Liang Chou, and Chun-Ming Yang.
Cryptography and Network Security 2 nd Edition by William Stallings Note: Lecture slides by Lawrie Brown and Henric Johnson, Modified by Andrew Yang.

Cryptography and Network Security 2 nd Edition by William Stallings Note: Lecture slides by Lawrie Brown and Henric Johnson, Modified by Andrew Yang.
Polymorphic blending attacks Prahlad Fogla et al USENIX 2006 Presented By Himanshu Pagey.

Polymorphic blending attacks Prahlad Fogla et al USENIX 2006 Presented By Himanshu Pagey.
Supervision of Production Computers in ALICE Peter Chochula for the ALICE DCS team.

Supervision of Production Computers in ALICE Peter Chochula for the ALICE DCS team.
1 Cryptography and Network Security Third Edition by William Stallings Lecturer: Dr. Saleem Al_Zoubi.

1 Cryptography and Network Security Third Edition by William Stallings Lecturer: Dr. Saleem Al_Zoubi.
An Integrated Framework for Dependable Revivable Architectures Using Multi-core Processors Weiding Shi, Hsien-Hsin S. Lee, Laura Falk, and Mrinmoy Ghosh.

An Integrated Framework for Dependable Revivable Architectures Using Multi-core Processors Weiding Shi, Hsien-Hsin S. Lee, Laura Falk, and Mrinmoy Ghosh.
Sanjay Goel, School of Business/Center for Information Forensics and Assurance University at Albany Proprietary Information 1 Unit Outline Information.

Sanjay Goel, School of Business/Center for Information Forensics and Assurance University at Albany Proprietary Information 1 Unit Outline Information.
Applied Cryptography for Network Security

Applied Cryptography for Network Security
Mining Behavior Models Wenke Lee College of Computing Georgia Institute of Technology.

Mining Behavior Models Wenke Lee College of Computing Georgia Institute of Technology.
A Virtual Environment for Investigating Counter Measures for MITM Attacks on Home Area Networks Lionel Morgan 1, Sindhuri Juturu 2, Justin Talavera 3,

A Virtual Environment for Investigating Counter Measures for MITM Attacks on Home Area Networks Lionel Morgan 1, Sindhuri Juturu 2, Justin Talavera 3,
Methods For The Prevention, Detection And Removal Of Software Security Vulnerabilities Jay-Evan J. Tevis Department of Computer Science and Software Engineering.

Methods For The Prevention, Detection And Removal Of Software Security Vulnerabilities Jay-Evan J. Tevis Department of Computer Science and Software Engineering.
LÊ QU Ố C HUY ID: QLU13069 1. OUTLINE  What is data mining ?  Major issues in data mining 2.

LÊ QU Ố C HUY ID: QLU OUTLINE  What is data mining ?  Major issues in data mining 2.
Exploring the Tradeoffs of Configurability and Heterogeneity in Multicore Embedded Systems + Also Affiliated with NSF Center for High- Performance Reconfigurable.

Exploring the Tradeoffs of Configurability and Heterogeneity in Multicore Embedded Systems + Also Affiliated with NSF Center for High- Performance Reconfigurable.
1. Introduction Generally Intrusion Detection Systems (IDSs), as special-purpose devices to detect network anomalies and attacks, are using two approaches.

1. Introduction Generally Intrusion Detection Systems (IDSs), as special-purpose devices to detect network anomalies and attacks, are using two approaches.
SECURING NETWORKS USING SDN AND MACHINE LEARNING DRAGOS COMANECI –

SECURING NETWORKS USING SDN AND MACHINE LEARNING DRAGOS COMANECI –
Management by Network Search

Management by Network Search
SEC835 Database and Web application security Information Security Architecture.

SEC835 Database and Web application security Information Security Architecture.
WARNINGBIRD: A Near Real-time Detection System for Suspicious URLs in Twitter Stream.

WARNINGBIRD: A Near Real-time Detection System for Suspicious URLs in Twitter Stream.

Similar presentations

Ads by Google