TY - CHAP
AU - Buttyán, Levente
AU - Nagy, Roland
AU - Papp, Dorottya
ED - Fazekas, István
TI - SIMBIoTA++: Improved Similarity-based IoT Malware Detection
T2 - 2022 IEEE 2nd Conference on Information Technology and Data Science (CITDS)
PB - Institute of Electrical and Electronics Engineers (IEEE)
CY - Piscataway (NJ)
SN - 9781665496520
PY - 2022
SP - 51
EP - 56
PG - 6
DO - 10.1109/CITDS54976.2022.9914145
UR - https://m2.mtmt.hu/api/publication/33207086
ID - 33207086
N1 - Budapest University of Technology and Economics, ELKH-BME Information Systems Research Group, CrySyS Lab, Budapest, Hungary Budapest University of Technology and Economics, CrySyS Lab, Budapest, Hungary Export Date: 15 November 2022
LA - English
DB - MTMT
ER -

TY - CHAP
AU - Nagy, Roland
AU - Bak, M.
AU - Papp, Dorottya
AU - Buttyán, Levente
ED - Vilmos, Andras
ED - Marton, Anna
ED - Kehagias, Dionysios
ED - Jankovic, Marija
ED - Gelenbe, Erol
TI - T-RAID: TEE-based Remote Attestation for IoT Devices
T2 - Security in Computer and Information Sciences: Second International Symposium, EuroCybersec 2021
VL - 1596 CCIS
PB - Springer International Publishing
CY - Cham
SN - 9783031093562
T3 - Communications in Computer and Information Science, ISSN 1865-0929 ; 1596.
PY - 2022
SP - 76
EP - 88
PG - 13
DO - 10.1007/978-3-031-09357-9_7
UR - https://m2.mtmt.hu/api/publication/33031593
ID - 33031593
N1 - Export Date: 28 July 2022 Correspondence Address: Buttyán, L.; Laboratory of Cryptography and System Security (CrySyS Lab), Hungary; email: buttyan@crysys.hu
AB - The Internet of Things (IoT) consists of network-connected embedded devices that enable a multitude of new applications, but also create new risks. In particular, embedded IoT devices can be infected by malware. Operators of IoT systems not only need malware detection tools, but also scalable methods to reliably and remotely verify malware freedom of their IoT devices. In this paper, we address this problem by proposing T-RAID, a remote attestation scheme for IoT devices that takes advantage of the security guarantees provided by a Trusted Execution Environment running on each device.
LA - English
DB - MTMT
ER -

TY - CHAP
AU - Papp, Dorottya
AU - Ács, Gergely
AU - Nagy, Roland
AU - Buttyán, Levente
ED - Bastieri, D
ED - Wills, G
ED - Kacsuk, Péter
ED - Chang, V
TI - SIMBIoTA-ML: Light-weight, Machine Learning-based Malware Detection for Embedded IoT Devices
T2 - Proceedings of the 7th International Conference on Internet of Things, Big Data and Security, IoTBDS 2022
PB - SciTePress
CY - Setubal
SN - 9789897585647
T3 - IoTBDS, ISSN 2184-4976
PY - 2022
SP - 55
EP - 66
PG - 12
DO - 10.5220/0011080200003194
UR - https://m2.mtmt.hu/api/publication/32820993
ID - 32820993
N1 - Funding Agency and Grant Number: National Research, Development and Innovation Fund of Hungary [2018-1.2.1-NKP-2018-00004]; Ministry of Innovation and Technology NRDI Office [2018-1.2.1-NKP] Funding text: The presented work was carried out within the SETIT Project (2018-1.2.1-NKP-2018-00004), which has been implemented with the support provided from the National Research, Development and Innovation Fund of Hungary, financed under the 2018-1.2.1-NKP funding scheme. The research was also supported by the Ministry of Innovation and Technology NRDI Office within the framework of the Artificial Intelligence National Laboratory Program. The authors would like to thank Zoltán Iuhos for his help in implementing the experiments.
AB - Embedded devices are increasingly connected to the Internet to provide new and innovative applications in many domains. However, these devices can also contain security vulnerabilities, which allow attackers to compromise them using malware. In this paper, we present SIMBIoTA-ML, a light-weight antivirus solution that enables embedded IoT devices to take advantage of machine learning-based malware detection. We show that SIMBIoTA-ML can respect the resource constraints of embedded IoT devices, and it has a true positive malware detection rate of ca. 95%, while having a low false positive detection rate at the same time. In addition, the detection process of SIMBIoTA-ML has a near-constant running time, which allows IoT developers to better estimate the delay introduced by scanning a file for malware, a property that is advantageous in real-time applications, notably in the domain of cyber-physical systems.
LA - English
DB - MTMT
ER -

TY - THES
AU - Papp, Dorottya
TI - Improved security and protection from malware for embedded IoT devices
PB - Budapesti Műszaki és Gazdaságtudományi Egyetem
PY - 2021
SP - 120
UR - https://m2.mtmt.hu/api/publication/32523298
ID - 32523298
LA - English
DB - MTMT
ER -

TY - JOUR
AU - Nagy, Roland
AU - Németh, Krisztián
AU - Papp, Dorottya
AU - Buttyán, Levente
TI - Rootkit Detection on Embedded IoT Devices
JF - ACTA CYBERNETICA
J2 - ACTA CYBERN-SZEGED
VL - 25
PY - 2021
IS - 2
SP - 369
EP - 400
PG - 32
SN - 0324-721X
DO - 10.14232/actacyb.288834
UR - https://m2.mtmt.hu/api/publication/32468427
ID - 32468427
N1 - Special Issue of the 12th Conference of PhD Students in Computer Science Export Date: 2 May 2022 CODEN: ACCYD
AB - IoT systems are subject to cyber attacks, including infecting embedded IoT devices with rootkits. Rootkits are malicious software that typically run with elevated privileges, which makes their detection challenging. In this paper, we address this challenge: we propose a rootkit detection approach for embedded IoT devices that takes advantage of a trusted execution environment (TEE), which is often supported on popular IoT platforms, such as ARM based embedded boards. The TEE provides an isolated environment for our rootkit detection algorithms, and prevents the rootkit from interfering with their execution even if the rootkit has root privileges on the untrusted part of the IoT device. Our rootkit detection algorithms identify modifications made by the rootkit to the code of the operating system kernel, to system programs, and to data influencing the control flow (e.g., hooking system calls), as well as inconsistencies created by the rootkit in certain kernel data structures (e.g., those responsible to handle process related information). We also propose algorithms to detect rootkit components in the persistent storage of the device. Besides describing our approach and algorithms in details, we also report on a prototype implementation and on the evaluation of our design and implementation, which is based on testing our prototype with rootkits that we developed for this purpose.
LA - English
DB - MTMT
ER -

TY - CHAP
AU - Tamás, Csongor
AU - Papp, Dorottya
AU - Buttyán, Levente
ED - Gary, Wills
ED - Péter, Kacsuk
ED - Victor, Chang
TI - SIMBIoTA: Similarity-based Malware Detection on IoT Devices
T2 - Proceedings of the 6th International Conference on Internet of Things, Big Data and Security
PB - SciTePress
CY - Setubal
SN - 9789897585043
T3 - IoTBDS, ISSN 2184-4976 ; 2021.
PY - 2021
SP - 58
EP - 69
PG - 12
DO - 10.5220/0010441500580069
UR - https://m2.mtmt.hu/api/publication/32008376
ID - 32008376
N1 - Funding Agency and Grant Number: National Research, Development and Innovation Fund of Hungary [2018-1.2.1-NKP-2018-00004]; [2018-1.2.1-NKP] Funding text: The presented work was carried out within the SETIT Project (2018-1.2.1-NKP-2018-00004), which has been implemented with the support provided from the National Research, Development and Innovation Fund of Hungary, financed under the 2018-1.2.1-NKP funding scheme.; The malware dataset and the support provided by Ukatemi Technologies for the research presented in this paper are also kindly acknowledged.; The authors are grateful to Gergely Ács, Gergely Biczók, and Máté Horváth for reading the manuscript and providing valuable comments that helped improving the paper. The authors would also like to thank Zoltán Iuhos for spotting an embarrassing mistake in an earlier version of the paper.
AB - Embedded devices connected to the Internet are threatened by malware, and currently, no antivirus product is available for them. We present SIMBIoTA, a new approach for detecting malware on such IoT devices. SIMBIoTA relies on similarity-based malware detection, and it has a number of notable advantages: moderate storage requirements on resource constrained IoT devices, a fast and lightweight malware detection process, and a surprisingly good detection performance, even for new, never-before-seen malware. These features make SIMBIoTA a viable antivirus solution for IoT devices, with competitive detection performance and limited resource requirements.
LA - English
DB - MTMT
ER -

TY - JOUR
AU - Papp, Dorottya
AU - Máté, Zombor
AU - Buttyán, Levente
TI - TEE Based Protection of Cryptographic Keys on Embedded IoT Devices
JF - ANNALES MATHEMATICAE ET INFORMATICAE
J2 - ANN MATH INFORM
VL - 53
PY - 2021
SP - 245
EP - 256
PG - 12
SN - 1787-5021
DO - 10.33039/ami.2021.02.002
UR - https://m2.mtmt.hu/api/publication/31907009
ID - 31907009
N1 - Export Date: 28 October 2021 Funding text 1: The presented work was carried out within the SETIT Project (2018-1.2.1-NKP-2018-00004), which has been implemented with the support provided from the National Research, Development and Innovation Fund of Hungary, financed under the 2018-1.2.1-NKP funding scheme.
AB - The Internet of Things (IoT) consists of billions of embedded devices connected to the Internet. Secure remote management of many of these devices requires them to store and use long-term cryptographic keys. In this work we propose to protect cryptographic keys in embedded IoT devices using a Trusted Execution Environment (TEE) which is supported on many embedded platforms. Our approach provides similar protection as secure co-processors, but does not actually require an additional secure hardware element.
LA - English
DB - MTMT
ER -

TY - CONF
AU - Márton, Juhász
AU - Papp, Dorottya
AU - Buttyán, Levente
TI - Towards Secure Remote Firmware Update on Embedded IoT Devices
T2 - The 12th Conference of PhD Students in Computer Science
PB - Szegedi Tudományegyetem (SZTE)
C1 - Szeged
PY - 2020
SP - 108
EP - 111
PG - 4
UR - https://m2.mtmt.hu/api/publication/31907128
ID - 31907128
LA - English
DB - MTMT
ER -

TY - CHAP
AU - Bak, Márton
AU - Papp, Dorottya
AU - Tamás, Csongor
AU - Buttyán, Levente
ED - IEEE, null
TI - Clustering IoT Malware based on Binary Similarity
T2 - NOMS 2020 - 2020 IEEE/IFIP Network Operations and Management Symposium: Management in the Age of Softwarization and Artificial Intelligence
PB - Institute of Electrical and Electronics Engineers (IEEE)
CY - Piscataway (NJ)
SN - 9781728149738
T3 - IEEE IFIP Network Operations and Management Symposium, ISSN 1542-1201
PY - 2020
PG - 6
DO - 10.1109/NOMS47738.2020.9110432
UR - https://m2.mtmt.hu/api/publication/31316039
ID - 31316039
N1 - BME-HIT, CrySyS Lab, Hungary Ukatemi Technologies, Hungary AIT Austrian Institute of Technology GmbH, Austria Conference code: 160952 Export Date: 28 October 2021 Funding details: European Commission, EC Funding details: European Social Fund, ESF, EFOP-3.6.2-16-2017-00013 Funding text 1: The presented research has been partially supported by the SETIT Project (no. 2018-1.2.1-NKP-2018-00004), which has been implemented with the support provided from the National Research, Development and Innovation Fund of Hungary, financed under the 2018-1.2.1-NKP funding scheme, and by the European Union, co-financed by the European Social Fund (EFOP-3.6.2-16-2017-00013, Thematic Fundamental Research Collaborations Grounding Innovation in Informatics and Infocommunications).
LA - English
DB - MTMT
ER -

TY - CHAP
AU - Papp, Dorottya
AU - Tarrach, Thorsten
AU - Buttyán, Levente
ED - Ölveczky, Peter Csaba
ED - Salaün, Gwen
TI - Towards Detecting Trigger-Based Behavior in Binaries: Uncovering the Correct Environment
T2 - Software Engineering and Formal Methods
PB - Springer Netherlands
CY - Cham
SN - 9783030304454
T3 - Lecture Notes in Computer Science, ISSN 2512-2010 ; 11724.
PY - 2019
SP - 491
EP - 509
PG - 19
DO - 10.1007/978-3-030-30446-1_26
UR - https://m2.mtmt.hu/api/publication/30804532
ID - 30804532
N1 - CrySyS Lab, Department of Networked Systems and Services, BME, Budapest, Hungary AIT Austrian Institute of Technology GmbH, Vienna, Austria Conference code: 231749 Export Date: 28 October 2021 Correspondence Address: Papp, D.; CrySyS Lab, Hungary; email: dpapp@crysys.hu
LA - English
DB - MTMT
ER -