Open AccessDeep Learning for Identifying Malicious Firmware
Author(s) -
David Noever,
Samantha E. Miller Noever
Publication year - 2021
Language(s) - English
Resource type - Conference proceedings
DOI - 10.5121/csit.2021.111506
Subject(s) - firmware , computer science , mnist database , deep learning , convolutional neural network , artificial intelligence , byte , machine learning , artificial neural network , transfer of learning , operating system
A malicious firmware update may prove devastating to the embedded devices both that make up the Internet of Things (IoT) and alsothat typically lack the same security verifications now applied to full operating systems. This work converts the binary headers of 40,000 firmware examples from bytes into 1024-pixel thumbnail images to train a deep neural network. The aim is to distinguish benign and malicious variants using modern deep learning methods without needing detailed functional or forensic analysis tools. One outcome of this image conversion enables contact with the vast machine learning literature already applied to handle digit recognition (MNIST). Another result indicates that greater than 90% accurate classifications prove possible using image-based convolutional neural networks (CNN) when combined with transfer learning methods. The envisioned CNN application would intercept firmware updates before their distribution to IoT networks and score their likelihood of containing malicious variants.