CFP last date
22 April 2024
Reseach Article

Combating Malware with Whitelisting in IoT-based Medical Devices

by Raghu Nallani Chakravartula, V. Naga Lakshmi
International Journal of Computer Applications
Foundation of Computer Science (FCS), NY, USA
Volume 167 - Number 8
Year of Publication: 2017
Authors: Raghu Nallani Chakravartula, V. Naga Lakshmi
10.5120/ijca2017914554

Raghu Nallani Chakravartula, V. Naga Lakshmi . Combating Malware with Whitelisting in IoT-based Medical Devices. International Journal of Computer Applications. 167, 8 ( Jun 2017), 33-37. DOI=10.5120/ijca2017914554

@article{ 10.5120/ijca2017914554,
author = { Raghu Nallani Chakravartula, V. Naga Lakshmi },
title = { Combating Malware with Whitelisting in IoT-based Medical Devices },
journal = { International Journal of Computer Applications },
issue_date = { Jun 2017 },
volume = { 167 },
number = { 8 },
month = { Jun },
year = { 2017 },
issn = { 0975-8887 },
pages = { 33-37 },
numpages = {9},
url = { https://ijcaonline.org/archives/volume167/number8/27932-2017914554/ },
doi = { 10.5120/ijca2017914554 },
publisher = {Foundation of Computer Science (FCS), NY, USA},
address = {New York, USA}
}
%0 Journal Article
%1 2024-02-07T00:14:20.807011+05:30
%A Raghu Nallani Chakravartula
%A V. Naga Lakshmi
%T Combating Malware with Whitelisting in IoT-based Medical Devices
%J International Journal of Computer Applications
%@ 0975-8887
%V 167
%N 8
%P 33-37
%D 2017
%I Foundation of Computer Science (FCS), NY, USA
Abstract

With the rapid advancements in the mobile, Internet and wireless technologies, the computing environment is seamlessly getting integrated into the physical world and being connected to the Internet leading to Internet of Things (IoT). In this environment, heterogeneous devices can communicate with one another, leading to innovative applications in healthcare. Malware in IoT environment possesses a great challenge due to interconnected and interoperated systems. Traditional signature based anti-malware solutions will not suffice to healthcare based IoT devices. The paper presents a novel approach of using whitelisting in IoT-based healthcare medical devices and illustrate the performance improvements over traditional solutions.

References
  1. O. Sukwong, H. S. Kim, J. C. Hoe, ”Commercial Antivirus Software Effectiveness: An Empirical Study”, Computer, vol. 44, no. 3, pp. 63-70, 2011. ”Critical Controls for Effective Cyber Defense” in , vol. 4.1, 2013.
  2. S. Alvarez and T. Zoller ”The Death of AV Defense in Depthrevisiting Anti-Virus Software ” in CanSecWest Vancouver B.C. Canada 2008.
  3. S. Jana and V. Shmatikov ”Abusing File Processing in Malware Detectors for Fun and Profit ” in IEEE Symposium on Security and Privacy (S&P) 2012 San Francisco CA USA 2012 pp. 80-94.
  4. B. B. Rad M. Masrom and S. Ibrahim ”Camouflage in Malware: from Encryption to Metamorphism ” International Journal of Computer Science and Network Security vol. 12 no. 8 pp. 74-83 Aug. 2012.
  5. K. Murad S.-M. Cheng Y. Zikria and N. Ikram ”Evading Virus Detection Using Code Obfuscation ” Future Generation Information Technology pp. 394-401 2010
  6. P. O’Kane S. Sezer and K. McLaughlin ”Obfuscation: The Hidden Malware”, Security & Privacy IEEE vol. 9 no. 5 pp. 41-47 2011.
  7. Kelly Hughes and Yanzhen Qu ?Performance Measures of Behavior-based Signatures? 9th International Conference on Availability, Reliability and Security, 2014.
  8. ClamAV (May, 2017). Retrieved from clamav.org
  9. ”Los Angeles hospital paid $17,000 in bitcoin to ransomware hackers”, [Online Document Feb, 2016] Available at https://www.theguardian.com/technology/2016/feb/17/losangeles- hospital-hacked-ransom-bitcoin-hollywood-presbyterianmedical- center
  10. ”Medical Devices Hit By Ransomware For The First Time In US Hospitals”, [Online Document May, 17] Available at https://www.forbes.com/sites/thomasbrewster/2017/05/17/wannacryransomware- hit-real-medical-devices/#425cf961425c
  11. A. Beuhring and K. Salous, ”Beyond Blacklisting: Cyberdefense in the Era of Advanced Persistent Threats,” in IEEE Security & Privacy, vol. 12, no. 5, pp. 90-93, Sept.-Oct. 2014.
  12. S. Dery, ”Using Whitelisting to Combat Malware Attacks at Fannie Mae,” in IEEE Security & Privacy, vol. 11, no. 4, pp. 90-92, July-Aug. 2013
  13. Patrice Godefroid Michaeal Y. Levin David Molnar SAGE: Whitebox Fuzzing for Security Testing Communications of the ACM March 2012.
  14. P. R. L. Eswari and N. S. C. Babu, ”A practical business security framework to combat malware threat,” World Congress on Internet Security (WorldCIS-2012)?
  15. S. A. C. DeCato, ”Increasing the security on non-networked ground support equipment: Analyzing the implementation of whitelisting protection,” 2016 IEEE AUTOTESTCON, Anaheim, CA, 2016, pp. 1-5.
  16. NIST Whitelisting Guide http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800- 167.pdf
  17. J. Newsome, B. Karp, and D. Song, ”Polygraph: Automatically generating signatures for polymorphic worms,” presented at the 2005 IEEE Symposium on Security and Privacy, 2005.
  18. Z. Li, M. Sanghi, Y. Chen, M.-Y. Kao, and B.Chavez, ”Hamsa: fast signature generation for zeroday polymorphic worms with provable attack resilience,” in 2006 IEEE Symposium on Security and Privacy 2006, pp. 15 pp.-47.
  19. W.-C. Sun and Y.-M. Chen, ”A rough set approach for automatic key attributes identification of zero-day polymorphic worms,” Expert Systems with Applications, vol. 36, pp. 4672-4679, 2009.
  20. Z. Li, L. Wang, Y. Chen, and Z. Fu, ”Network-based and attack-resilient length signature generation for zero-day polymorphic worms,” in IEEE International Conference on Network Protocols, Beijing, China,2007, pp. 164-173.
  21. M. F. Zolkipli and A. Jantan, ”A framework for malware detection using combination technique and signature generation,” presented at the Second International Conference on Computer Research and Development, 2010.
  22. ”Wannacry”, Available online https://icscert. us-cert.gov/sites/default/files/FactSheets/ICSCERT FactSheet WannaCry Ransomware?pdf
  23. G. Hu and D. Venugopal, ”A malware signature extraction and detection method applied to mobile networks,” in Performance, Computing, and Communications Conference, 2007. IPCCC 2007. IEEE International, 2007, pp. 19-26
  24. J. M. Hagen, E. Albrechtsen, and J. Hovden, ”Implementation and effectiveness of organizational information security measures,” Information Management & Computer Security, vol. 16, pp. 377- 397, 2008.
Index Terms

Computer Science
Information Sciences

Keywords

Internet of Things (IoT) Whitelisting approach Medical devices Signature based Anti-Virus (AV) Malware