Afsah Anwar scite author profile

The growth in the number of Android and Internet of Things (IoT) devices has witnessed a parallel increase in the number of malicious software (malware), calling for new analysis approaches. We represent binaries using their graph properties of the Control Flow Graph (CFG) structure and conduct an in-depth analysis of malicious graphs extracted from the Android and IoT malware to understand their differences. Using 2,874 and 2,891 malware binaries corresponding to IoT and Android samples, we analyze both general characteristics and graph algorithmic properties. Using the CFG as an abstract structure, we then emphasize various interesting findings, such as the prevalence of unreachable code in Android malware, noted by the multiple components in their CFGs, and larger number of nodes in the Android malware, compared to the IoT malware, highlighting a higher order of complexity. We implement a Machine Learning based classifiers to detect IoT malware from benign ones, and achieved an accuracy of 97.9% using Random Forests (RF).

show abstract

Adversarial Learning Attacks on Graph-based IoT Malware Detection Systems

Abusnaina

Khormali

Alasmary

et al. 2019

View full text Add to dashboard Cite

The main goal of this study is to investigate the robustness of graph-based Deep Learning (DL) models used for Internet of Things (IoT) malware classification against Adversarial Learning (AL). We designed two approaches to craft adversarial IoT software, including Off-the-Shelf Adversarial Attack (OSAA) methods, using six different AL attack approaches, and Graph Embedding and Augmentation (GEA). The GEA approach aims to preserve the functionality and practicality of the generated adversarial sample through a careful embedding of a benign sample to a malicious one. Our evaluations demonstrate that OSAAs are able to achieve a misclassification rate (MR) of 100%. Moreover, we observed that the GEA approach is able to misclassify all IoT malware samples as benign.

show abstract

Soteria: Detecting Adversarial Examples in Control Flow Graph-based Malware Classifiers

Alasmary

Abusnaina

Jang

et al. 2020

View full text Add to dashboard Cite

Graph-Based Comparison of IoT and Android Malware

Alasmary

Anwar

Park

et al. 2018

View full text Add to dashboard Cite

Understanding the Hidden Cost of Software Vulnerabilities: Measurements and Predictions

Anwar

Khormali

Nyang

et al. 2018

View full text Add to dashboard Cite

scite is a Brooklyn-based organization that helps researchers better discover and understand research articles through Smart Citations–citations that display the context of the citation and describe whether the article provides supporting or contrasting evidence. scite is used by students and researchers from around the world and is funded in part by the National Science Foundation and the National Institute on Drug Abuse of the National Institutes of Health.

Contact Info

customersupport@researchsolutions.com

10624 S. Eastern Ave., Ste. A-614

Henderson, NV 89052, USA

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Blog Terms and Conditions API Terms Privacy Policy Contact Cookie Preferences Do Not Sell or Share My Personal Information

Made with 💙 for researchers

Part of the Research Solutions Family.

Afsah Anwar

Analyzing and Detecting Emerging Internet of Things Malware: A Graph-Based Approach

Adversarial Learning Attacks on Graph-based IoT Malware Detection Systems

Soteria: Detecting Adversarial Examples in Control Flow Graph-based Malware Classifiers

Graph-Based Comparison of IoT and Android Malware

Understanding the Hidden Cost of Software Vulnerabilities: Measurements and Predictions

Contact Info

Product

Resources

About