
RESEARCHING AND PROPOSING PSI GRAPH AS A
FEATURE FOR BOTNET DETECTION ON IOT DEVICES

TABLE OF CONTENTS
INTRODUCTION
1. The urgency of this thesis
2. Research aim
3. Research object and area
4. Research outlines and methodology
5. Thesis layout
CHAPTER 1. THEORETICAL BASIS
1.1. Definition and characteristics of IoT devices
1.2. Definition of IoT botnet
1.3. The evolution of IoT botnet
1.4. Comparison between traditional botnet and IoT botnet
CHAPTER 2. IOT BOTNET MALWARE DETECTION METHOD
2.1. Comparison of static and dynamic analysis
2.2. Evaluation of IoT botnet detection methods based on static analysis
2.2.1. Constructing the dataset for experiments
2.2.2. Experimental results and discussions
CHAPTER 3. PSI GRAPH FEATURE FOR DETECTION OF IOT BOTNET
3.1. Statement of the problem
3.2. Explanation of the problem
3.3. Proposed method
3.4. Function call graph in IoT botnet malware detection
3.5. PSI Graph construction
3.6. Experimental evaluation
3.6.1. Experimental environment
3.6.2. Evaluation model
3.6.3. Experimental results and discussion
CHAPTER 4. PSI-ROOTED SUBGRAPH FEATURE IN DETECTING IOT BOTNET
4.1. Statement of the problem
4.2. Building PSI-rooted subgraph feature
4.3. Experiment and evaluate the results
4.3.1. Experimental environment
4.3.2. Evaluation model
4.3.2. Experimental results and discussion
CONCLUSIONS

INTRODUCTION
1. The urgency of this thesis
The revolution of Industry 4.0, also known as the Internet of Things or the Industrial Internet, has a
great impact on the industry of every nation. Although it goes by several alternative names, the most
significant characteristic of Industry 4.0 is the replacement of traditional production machines with
fully automated machines built on top of IoT devices. By applying the cutting-edge technology of
Industry 4.0, humans are able to take major leaps in almost every field, such as medicine, education
and economics. Although Industry 4.0 provides undeniable benefits, it has also posed plenty of cyber security
threats that may directly have a negative impact on national security and regional stability. A recent survey
of published articles from Elsevier, IEEE, Hindawi and Springer [6] suggested that authentication
had been the most common solution for securing IoT devices, while research on trust management,
lightweight cryptography and secure communication between IoT devices had been gaining
popularity. Furthermore, botnets had been one of the most dangerous threats to IoT devices. Therefore, to meet
the urgent demand of a real-world problem in securing IoT devices, this thesis focuses on researching and
proposing a PSI graph that can be leveraged as a feature for botnet detection on IoT devices.
2. Research aim
Based on the emerging needs described above, the research aim of this thesis is to
propose a feature with a novel yet efficient, low-complexity graph structure for detecting multi-architecture IoT
botnets with high accuracy.
3. Research object and area
- Research object: the research objects of this thesis are multi-architecture binary executables on IoT devices
that run Linux kernel 2.6 or 3.2.
- Research area: this thesis focuses on reformulating malware detection as a binary classification
problem with the following constraint: only static analysis methods are studied, for IoT botnet detection on
resource-constrained IoT devices (SOHO devices), that is, devices with either low power consumption
or small memory and limited computing capability.
4. Research outlines and methodology
*) Research outlines: the thesis focuses on analyzing and evaluating the following
contents:
- Researching the development, evolution and characteristics of IoT botnets and IoT botnet detection methods.
- Surveying, analyzing and evaluating existing IoT botnet detection methods based on static
analysis, on the same dataset and in the same environment.
- Researching and proposing a new graph-based feature that can be applied in the IoT botnet detection
process.
- Evaluating the accuracy and complexity of the proposed feature in IoT botnet detection using
reliable datasets, and comparing the experimental results with other proposals that take the same
approach.
*) Research methodology
Combining theoretical research with practical research.

