2019
DOI: 10.1109/jiot.2019.2925929

Analyzing and Detecting Emerging Internet of Things Malware: A Graph-Based Approach

Abstract: The growth in the number of Android and Internet of Things (IoT) devices has witnessed a parallel increase in the number of malicious software (malware), calling for new analysis approaches. We represent binaries using their graph properties of the Control Flow Graph (CFG) structure and conduct an in-depth analysis of malicious graphs extracted from the Android and IoT malware to understand their differences. Using 2,874 and 2,891 malware binaries corresponding to IoT and Android samples, we analyze both gener…

Cited by 124 publications (46 citation statements)
References 40 publications
“…In addition, control flow graph (CFG) was another common choice for malware classification. In [31], a CFG-based deep learning model was constructed to identify malware and benignware IoT disassembled samples.…”
Section: Machine Learning Methods On Edge Malware Detection and Categ
Citation type: mentioning
confidence: 99%
“…od (octal dump) - Tool for debugging, visualizing executable code, and dumping in octal (default), hex, ASCII formats.
openwrt [18] For benign firmwares
pyelftools [28] Python library to parse and analyze ELFs and debugging
radare2 [32], [34], [41] Binary forensic analysis, reverse engineering, exploiting and debugging tool. Options such as 'afl' can be used to disassemble function lists, get count of functions etc.…”
Section: Elfdump -
Citation type: mentioning
confidence: 99%
“…2) Graph-based features: The most popular graph-based feature explored for malware analysis is Control Flow Graph (CFG) - a data structure that represents the order of opcodes execution in a file. Alasmary et al. [22] extracted CFGs and characterized the executables by graph features including numbers of nodes and edges, density, centrality, shortest path, etc. Convolutional Neural Network (CNN) was then employed for the analysis and yielded 99.66% accuracy for detection and 99.32% accuracy for malware family classification.…”
Section: B Malware Detection and Malware Family Classification
Citation type: mentioning
confidence: 99%