TY - GEN
T1 - Efficient signature generation for classifying cross-architecture IoT malware
AU - Alhanahnah, Mohannad
AU - Lin, Qicheng
AU - Yan, Qiben
AU - Zhang, Ning
AU - Chen, Zhenxiang
N1 - Publisher Copyright:
© 2018 IEEE.
PY - 2018/8/10
Y1 - 2018/8/10
N2 - Internet-of-Things (IoT) devices are increasingly targeted by adversaries due to their unique characteristics such as constant online connection, lack of protection, and full integration in people's daily life. As attackers shift their targets towards IoT devices, malware has been developed to compromise IoT devices equipped with different CPU architectures. While malware detection has been a well-studied area for desktop PCs, heterogeneous processor architecture in IoT devices brings in unique challenges. Existing approaches utilize static or dynamic binary analysis for identifying malware characteristics, but they all fall short when dealing with IoT malware compiled for different architectures. In this paper, we propose an efficient signature generation method for IoT malware, which generates distinguishable signatures based on high-level structural, statistical and string feature vectors, as high-level features are more robust against code variations across different architectures. The generated signatures for each malware family can be used for developing lightweight malware detection tools to secure IoT devices. Extensive experiments with two datasets of 5,150 recent IoT malware samples show that our scheme can achieve 95.5% detection rate with 0% false positive rate. Moreover, the proposed scheme can achieve 85.2% detection rate in detecting novel IoT malware.
AB - Internet-of-Things (IoT) devices are increasingly targeted by adversaries due to their unique characteristics such as constant online connection, lack of protection, and full integration in people's daily life. As attackers shift their targets towards IoT devices, malware has been developed to compromise IoT devices equipped with different CPU architectures. While malware detection has been a well-studied area for desktop PCs, heterogeneous processor architecture in IoT devices brings in unique challenges. Existing approaches utilize static or dynamic binary analysis for identifying malware characteristics, but they all fall short when dealing with IoT malware compiled for different architectures. In this paper, we propose an efficient signature generation method for IoT malware, which generates distinguishable signatures based on high-level structural, statistical and string feature vectors, as high-level features are more robust against code variations across different architectures. The generated signatures for each malware family can be used for developing lightweight malware detection tools to secure IoT devices. Extensive experiments with two datasets of 5,150 recent IoT malware samples show that our scheme can achieve 95.5% detection rate with 0% false positive rate. Moreover, the proposed scheme can achieve 85.2% detection rate in detecting novel IoT malware.
UR - https://www.scopus.com/pages/publications/85052552373
U2 - 10.1109/CNS.2018.8433203
DO - 10.1109/CNS.2018.8433203
M3 - Conference contribution
AN - SCOPUS:85052552373
SN - 9781538645864
T3 - 2018 IEEE Conference on Communications and Network Security, CNS 2018
BT - 2018 IEEE Conference on Communications and Network Security, CNS 2018
PB - Institute of Electrical and Electronics Engineers Inc.
T2 - 6th IEEE Conference on Communications and Network Security, CNS 2018
Y2 - 30 May 2018 through 1 June 2018
ER -