Abstract

The current immense increase in cyber-attacks requires constant evolution of the security solutions in use. Current malware detection solutions are only able to identify known malware that has previously been detected. They also lack the ability to deeply investigate every file in the system. Therefore, new detection techniques are needed to fill this gap. In this study, a flexible and effective rule-based approach is proposed to detect malicious files by searching for specific types of strings that should not exist in normal, legitimate files. The proposed detection technique relies on the use of LOKI as a scanning agent that applies customized YARA rules of different complexities to search for the needed strings. The proposed methodology has been tested and it detected all of the malware successfully.

Highlights

  • Internet usage has increased drastically during the past few years

  • The output of the scan shows a number of detected files that contain suspicious strings matching the YARA rule database

  • The file was not downloaded by the system users; it was used by the attacker, since it is located in the “temp” folder, which is a common place to find malware. The “webshell.php” file, which has the highest score value, is clearly a malicious file since it contains many commands/functions that enable the attacker to perform many malicious activities, and it is located in the “temp” folder
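The following is an added illustration of the scoring approach described in the abstract and the highlights above; it is not code from the paper, from LOKI or from YARA. To keep it runnable without the yara-python bindings, it implements a small YARA-like matcher in pure Python: each rule has named strings, an "N of them" condition and a LOKI-style score in its metadata, and a separate filename indicator adds score for PHP files under a "temp" directory. The rule names, scores, file paths and file contents are all constructed for the example, and the score bands mirror LOKI's default notice/warning/alert thresholds (40/60/100).

```python
import re
from dataclasses import dataclass


@dataclass
class Rule:
    """A YARA-like rule: named strings, an '<n> of them' condition and a LOKI-style score."""
    name: str
    score: int
    strings: dict          # identifier -> bytes literal or compiled bytes regex
    min_matches: int = 1   # condition: at least min_matches of the strings must hit


# Constructed rules for this illustration (not the paper's rule set): function names
# that have no business in a legitimate static web file, and a regex for the classic
# "execute whatever the request parameter says" construct.
RULES = [
    Rule("php_webshell_exec", 70,
         {"$a": b"shell_exec(", "$b": b"passthru(", "$c": b"system(",
          "$d": b"eval(base64_decode("},
         min_matches=2),
    Rule("php_exec_request_param", 60,
         {"$r": re.compile(rb"(system|exec|passthru)\s*\(\s*\$_(GET|POST|REQUEST)\[")}),
]

# Constructed filename indicator, in the spirit of LOKI's filename IOC list: a PHP file
# under a "temp" directory raises the score but is not conclusive on its own.
FILENAME_IOCS = [
    (re.compile(r"(^|[\\/])temp[\\/][^\\/]*\.php$", re.I), 40, "PHP file in a temp directory"),
]


def match_rule(rule, data):
    """Return the identifiers of the rule's strings found in data, or [] if the
    '<min_matches> of them' condition is not satisfied."""
    hits = [ident for ident, pat in rule.strings.items()
            if (pat.search(data) if hasattr(pat, "search") else pat in data)]
    return hits if len(hits) >= rule.min_matches else []


def scan_file(path, data):
    """Score one file: sum the scores of every content rule that fires plus every
    filename indicator that matches, and keep a human-readable reason for each."""
    score, reasons = 0, []
    for rule in RULES:
        hits = match_rule(rule, data)
        if hits:
            score += rule.score
            reasons.append(f"{rule.name} [{', '.join(hits)}]")
    for rx, s, desc in FILENAME_IOCS:
        if rx.search(path):
            score += s
            reasons.append(desc)
    return score, reasons


def level(score):
    """Map a total score to LOKI's default notice/warning/alert bands (40/60/100)."""
    if score >= 100:
        return "ALERT"
    if score >= 60:
        return "WARNING"
    if score >= 40:
        return "NOTICE"
    return "CLEAN"


def scan(files):
    """Scan an in-memory {path: bytes} corpus; returns {path: (score, reasons)}."""
    return {path: scan_file(path, data) for path, data in files.items()}


def ranked(results, min_score=40):
    """Paths at or above min_score, highest score first (the order an analyst triages)."""
    return sorted((p for p, (s, _) in results.items() if s >= min_score),
                  key=lambda p: -results[p][0])


# Constructed sample corpus: one benign page, one admin tool that calls system()
# on a sanitised local value, one uploader that merely lives in temp, and a webshell.
SAMPLE_FILES = {
    "/var/www/html/index.php": b"<?php echo 'Hello, world'; ?>",
    "/var/www/html/admin/tools.php":
        b"<?php\n$cmd = escapeshellcmd($argv[1]);\nsystem($cmd);\n",
    "/var/www/html/temp/upload.php":
        b"<?php move_uploaded_file($_FILES['f']['tmp_name'], 'temp/' . basename($_FILES['f']['name'])); ?>",
    "/var/www/html/temp/webshell.php":
        b"<?php\nif (isset($_REQUEST['cmd'])) { echo shell_exec($_REQUEST['cmd']); }\n"
        b"system($_GET['c']);\npassthru('id');\n?>",
}

if __name__ == "__main__":
    results = scan(SAMPLE_FILES)
    for path in ranked(results):
        score, reasons = results[path]
        print(f"{level(score):8} {score:4}  {path}  <- {'; '.join(reasons)}")
```

Two design points worth noting. A single `system(` string does not fire the webshell rule on its own (the "2 of them" condition keeps `admin/tools.php` clean), which is how a rule can use common function names without flooding the output with false positives. The path indicator, on the other hand, only adds weight: `temp/upload.php` lands at NOTICE for its location alone, while `temp/webshell.php` accumulates content and location evidence and is ranked first, matching the reasoning in the highlights.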


Introduction

Internet usage has increased drastically during the past few years. The term “Internet of Things” (IoT) has become popular, where different devices are connected to the Internet to provide users with requests or services without their being physically present, which saves their time and makes their lives much easier. Due to the increased number of businesses and individuals who use IoT technologies, especially in critical domains such as the health and military sectors, a lot of sensitive data is being sent and received. Security has become a crucial aspect of protecting this sensitive data. Securing IoT devices and their data is not an easy task due to the numerous types of cyber-attacks. Current techniques to detect IoT malicious files are not mature enough due to their lack of accuracy, intensive processing power, complexity, inefficiency and time consumption.

