@article{MTMT:34448268, title = {CrySyS dataset of CAN traffic logs containing fabrication and masquerade attacks}, url = {https://m2.mtmt.hu/api/publication/34448268}, author = {Gazdag, András Gábor and Ferenc, Rudolf and Buttyán, Levente}, doi = {10.1038/s41597-023-02716-9}, journal-iso = {SCI DATA}, journal = {SCIENTIFIC DATA}, volume = {10}, unique-id = {34448268}, abstract = {Despite their known security shortcomings, Controller Area Networks are widely used in modern vehicles. Research in the field has already proposed several solutions to increase the security of CAN networks, such as using anomaly detection methods to identify attacks. Modern anomaly detection procedures typically use machine learning solutions that require a large amount of data to be trained. This paper presents a novel CAN dataset specifically collected and generated to support the development of machine learning based anomaly detection systems. Our dataset contains 26 recordings of benign network traffic, amounting to more than 2.5 hours of traffic. We performed two types of attack on the benign data to create an attacked dataset representing most of the attacks previously proposed in the academic literature. As a novelty, we performed all attacks in two versions, modifying either one or two signals simultaneously. Along with the raw data, we also publish the source code used to generate the attacks to allow easy customization and extension of the dataset. © 2023, The Author(s).}, year = {2023}, eissn = {2052-4463}, orcid-numbers = {Gazdag, András Gábor/0000-0002-4481-3308; Ferenc, Rudolf/0000-0001-8897-7403} } @inproceedings{MTMT:34126367, title = {PATRIoTA: A Similarity-based IoT Malware Detection Method Robust Against Adversarial Samples}, url = {https://m2.mtmt.hu/api/publication/34126367}, author = {Sándor, József and Nagy, Roland and Buttyán, Levente}, booktitle = {2023 IEEE International Conference on Edge Computing and Communications (EDGE)}, doi = {10.1109/EDGE60047.2023.00057}, unique-id = {34126367}, year = {2023}, pages = {344-353}, orcid-numbers = {Nagy, Roland/0000-0003-2305-3271} } @inproceedings{MTMT:34123297, title = {A Practical Attack on the TLSH Similarity Digest Scheme}, url = {https://m2.mtmt.hu/api/publication/34123297}, author = {Fuchs, Gábor and Nagy, Roland and Buttyán, Levente}, booktitle = {Proceedings of the 18th International Conference on Availability, Reliability and Security}, doi = {10.1145/3600160.3600173}, unique-id = {34123297}, year = {2023}, pages = {1-10}, orcid-numbers = {Fuchs, Gábor/0009-0007-8598-6882; Nagy, Roland/0000-0003-2305-3271} } @inproceedings{MTMT:34104403, title = {Increasing the Robustness of a Machine Learning-based IoT Malware Detection Method with Adversarial Training}, url = {https://m2.mtmt.hu/api/publication/34104403}, author = {Sándor, J. and Nagy, Roland and Buttyán, Levente}, booktitle = {WiseML'23: Proceedings of the 2023 ACM Workshop on Wireless Security and Machine Learning}, doi = {10.1145/3586209.3591401}, unique-id = {34104403}, year = {2023}, pages = {3-8}, orcid-numbers = {Nagy, Roland/0000-0003-2305-3271} } @inproceedings{MTMT:33207086, title = {SIMBIoTA++: Improved Similarity-based IoT Malware Detection}, url = {https://m2.mtmt.hu/api/publication/33207086}, author = {Buttyán, Levente and Nagy, Roland and Papp, Dorottya}, booktitle = {2022 IEEE 2nd Conference on Information Technology and Data Science (CITDS)}, doi = {10.1109/CITDS54976.2022.9914145}, unique-id = {33207086}, year = {2022}, pages = {51-56}, orcid-numbers = {Nagy, Roland/0000-0003-2305-3271; Papp, Dorottya/0000-0002-9976-614X} } @article{MTMT:33187090, title = {Automotive cybersecurity - Is the legal framework ready for the challenge? - part 2. Overview of the Hungarian legislation}, url = {https://m2.mtmt.hu/api/publication/33187090}, author = {Bocsok, Viktor and Buttyán, Levente}, journal-iso = {INFOKOMMUNIKÁCIÓ JOG}, journal = {INFOKOMMUNIKÁCIÓ ÉS JOG}, volume = {19}, unique-id = {33187090}, issn = {1786-0776}, year = {2022}, pages = {8-19} } @inproceedings{MTMT:33031593, title = {T-RAID: TEE-based Remote Attestation for IoT Devices}, url = {https://m2.mtmt.hu/api/publication/33031593}, author = {Nagy, Roland and Bak, M. and Papp, Dorottya and Buttyán, Levente}, booktitle = {Security in Computer and Information Sciences}, doi = {10.1007/978-3-031-09357-9_7}, volume = {1596 CCIS}, unique-id = {33031593}, abstract = {The Internet of Things (IoT) consists of network-connected embedded devices that enable a multitude of new applications, but also create new risks. In particular, embedded IoT devices can be infected by malware. Operators of IoT systems not only need malware detection tools, but also scalable methods to reliably and remotely verify malware freedom of their IoT devices. In this paper, we address this problem by proposing T-RAID, a remote attestation scheme for IoT devices that takes advantage of the security guarantees provided by a Trusted Execution Environment running on each device.}, year = {2022}, pages = {76-88}, orcid-numbers = {Nagy, Roland/0000-0003-2305-3271; Papp, Dorottya/0000-0002-9976-614X} } @inproceedings{MTMT:32918688, title = {Correlation-Based Anomaly Detection for the CAN Bus}, url = {https://m2.mtmt.hu/api/publication/32918688}, author = {Gazdag, András Gábor and Lupták, György and Buttyán, Levente}, booktitle = {Security in Computer and Information Sciences}, doi = {10.1007/978-3-031-09357-9_4}, unique-id = {32918688}, year = {2022}, pages = {38-50}, orcid-numbers = {Lupták, György/0000-0002-6491-2266} } @inproceedings{MTMT:32820993, title = {SIMBIoTA-ML: Light-weight, Machine Learning-based Malware Detection for Embedded IoT Devices}, url = {https://m2.mtmt.hu/api/publication/32820993}, author = {Papp, Dorottya and Ács, Gergely and Nagy, Roland and Buttyán, Levente}, booktitle = {Proceedings of the 7th International Conference on Internet of Things, Big Data and Security, IoTBDS 2022}, doi = {10.5220/0011080200003194}, unique-id = {32820993}, abstract = {Embedded devices are increasingly connected to the Internet to provide new and innovative applications in many domains. However, these devices can also contain security vulnerabilities, which allow attackers to compromise them using malware. In this paper, we present SIMBIoTA-ML, a light-weight antivirus solution that enables embedded IoT devices to take advantage of machine learning-based malware detection. We show that SIMBIoTA-ML can respect the resource constraints of embedded IoT devices, and it has a true positive malware detection rate of ca. 95%, while having a low false positive detection rate at the same time. In addition, the detection process of SIMBIoTA-ML has a near-constant running time, which allows IoT developers to better estimate the delay introduced by scanning a file for malware, a property that is advantageous in real-time applications, notably in the domain of cyber-physical systems.}, year = {2022}, pages = {55-66}, orcid-numbers = {Papp, Dorottya/0000-0002-9976-614X; Nagy, Roland/0000-0003-2305-3271} } @article{MTMT:32820855, title = {IoT Malware Detection with Machine Learning}, url = {https://m2.mtmt.hu/api/publication/32820855}, author = {Buttyán, Levente and Ferenc, Rudolf}, journal-iso = {ERCIM NEWS}, journal = {ERCIM NEWS}, unique-id = {32820855}, issn = {0926-4981}, abstract = {Embedded devices are increasingly connected to the Internet to provide new and innovative applications in many domains. However, these IoT devices can also contain security vulnerabilities, which allow attackers to compromise them using malware. We report on our recent work on using machine learning for efficient and effective malware detection on resource-constrained IoT devices.}, year = {2022}, eissn = {1564-0094}, pages = {17-19}, orcid-numbers = {Ferenc, Rudolf/0000-0001-8897-7403} }