Research Article Open Access

Rule-Based Approach to Detect IoT Malicious Files

Faisal Alsattam1, Mousa Al-Akhras2, Marwah M. Almasri1 and Mohammed Alawairdhi1
  • 1 Saudi Electronic University, Saudi Arabia
  • 2 The University of Jordan, Jordan
Journal of Computer Science
Volume 16 No. 9, 2020, 1203-1211

DOI: https://doi.org/10.3844/jcssp.2020.1203.1211

Submitted On: 7 August 2020 Published On: 15 October 2020

How to Cite: Alsattam, F., Al-Akhras, M., Almasri, M. M. & Alawairdhi, M. (2020). Rule-Based Approach to Detect IoT Malicious Files. Journal of Computer Science, 16(9), 1203-1211. https://doi.org/10.3844/jcssp.2020.1203.1211

Abstract

The current immersive increase of cyber-attacks requires constant evolution of the used security solutions. Current malware detection solutions are only able to identify known malwares that were previously detected. They also lack the ability to deeply investigate every file in the system. Therefore, new detection techniques are needed to fill this gab. In this study, a flexible and an effective rule-based approach is proposed to detect malicious files by searching for specific types of strings that should not exist in normal legitimate files. The proposed detection technique relies on the use of LOKI as a scanning agent that uses customized YARA rules with different complexities to search for the needed strings. The proposed methodology has been tested and it detected all malwares successfully.

  • 278 Views
  • 131 Downloads
  • 0 Citations

Download

Keywords

  • Digital Forensics
  • IoT Forensics
  • LOKI
  • YARA Rules
  • IoT Malware