József Sándor

PhD student

jozsef.sandor (at) crysys.hu

web: sandorjozsef.github.io
office: I.E. 429
tel: +36 1 463 2063

Current courses | Publications

Short Bio

József Sándor was born in 2000 in Székelyudvarhely, Romania. He earned both his B.Sc. and M.Sc. degrees in Computer Engineering from the Budapest University of Technology and Economics (BME). During his studies, he actively participated in research conducted at the Laboratory of Cryptography and System Security (CrySyS Lab) under the supervision of Dr. Levente Buttyán. His research focuses on IoT security, particularly in the area of IoT malware detection.

Current Courses

Coding and IT Security (VIHIBB01)

This BProf course gives an overview of the different areas of IT security with the aim of increasing the security awareness of computer science students and shaping their attitude towards designing and using secure computing systems. The course also gives an introduction to source software security and channel coding.

Publications

2023

Increasing the Robustness of a Machine Learning-based IoT Malware Detection Method with Adversarial Training

J. Sandor and R. Nagy and L. Buttyán

WiseML'23: Proceedings of the 2023 ACM Workshop on Wireless Security and Machine Learning, 2023.

Bibtex | Abstract | PDF | Link

@inproceedings {
   author = {Jozsef Sandor and Roland Nagy and Levente Buttyán},
   title = {Increasing the Robustness of a Machine Learning-based IoT Malware Detection Method with Adversarial Training},
   booktitle = {WiseML'23: Proceedings of the 2023 ACM Workshop on Wireless Security and Machine Learning},
   year = {2023},
   howpublished = "\url{https://dl.acm.org/doi/10.1145/3586209.3591401}"
}

Keywords

Internet-of-Things; malware detection; machine learning; adversarial examples; adversarial training

Abstract

We study the robustness of SIMBIoTA-ML, a recently proposed machine learning-based IoT malware detection solution against adversarial samples. First, we propose two adversarial sample creation strategies that modify existing malware binaries by appending extra bytes to them such that those extra bytes are never executed, but they make the modified samples dissimilar to the original ones. We show that SIMBIoTA-ML is robust against the first strategy, but it can be misled by the second one. To overcome this problem, we propose to use adversarial training, i.e., to extend the training set of SIMBIoTA-ML with samples that are crafted by using the adversarial evasion strategies. We measure the detection accuracy of SIMBIoTA-ML trained on such an extended training set and show that it remains high both for the original malware samples and for the adversarial samples.

PATRIoTA: A Similarity-based IoT Malware Detection Method Robust Against Adversarial Samples

J. Sandor and R. Nagy and L. Buttyán

IEEE International Conference on Edge Computing and Communications (EDGE), 2023.

Bibtex | Abstract | PDF | Link

@inproceedings {
   author = {Jozsef Sandor and Roland Nagy and Levente Buttyán},
   title = {PATRIoTA: A Similarity-based IoT Malware Detection Method Robust Against Adversarial Samples},
   booktitle = {IEEE International Conference on Edge Computing and Communications (EDGE)},
   year = {2023},
   howpublished = "\url{https://ieeexplore.ieee.org/document/10234259}"
}

Keywords

Internet-of-Things; malware detection; binary similarity; locality-sensitive hashing; robustness against adver- sarial samples.

Abstract

Detecting malware targeting IoT devices has became an important challenge with the recent emergence of IoT botnets. Gateways at the edge between the Internet and IoT devices deployed in the field are particularly well-positioned for the task of malware detection, as malware typically spreads over the Internet and resource-constrained field devices may not have the means to protect themselves. Hence, we believe that, among other things, edge intelligence should also include effective and efficient IoT malware detection. A recently proposed similarity- based IoT malware detection method, called SIMBIoTA, would be suitable in this context, but its robustness against adversarial malware samples has been shown to be rather weak. In this paper, we propose PATRIoTA, a similarity-based IoT malware detection method inspired by SIMBIoTA, but being significantly more robust than SIMBIoTA is. We describe the operation of PATRIoTA, and compare its malware detection performance and robustness against adversarial samples to that of SIMBIoTA. We show that PATRIoTA outperforms SIMBIoTA with respect to both measures.