Cross Platform IoT-Malware Family Classification Based on Printable Strings

Title: Cross Platform IoT-Malware Family Classification Based on Printable Strings
Publication Type: Conference Paper
Year of Publication: 2020
Authors: Lee, Yen-Ting; Ban, Tao; Wan, Tzu-Ling; Cheng, Shin-Ming; Isawa, Ryoichi; Takahashi, Takeshi; Inoue, Daisuke
Conference Name: 2020 IEEE 19th International Conference on Trust, Security and Privacy in Computing and Communications (TrustCom)
Date Published: dec
Keywords: computer security, feature extraction, Geophysical measurement techniques, Ground penetrating radar, Human Behavior, Internet of Things, IoT malware, machine learning, Malware, malware analysis, malware classification, Metrics, privacy, pubcrawl, resilience, Resiliency, static analysis, Task Analysis, Training
Abstract: In this era of rapid network development, Internet of Things (IoT) security considerations receive a lot of attention from both the research and commercial sectors. With limited computation resources, unfriendly interfaces, and poor software implementation, legacy IoT devices are vulnerable to many infamous malware attacks. Moreover, the heterogeneity of IoT platforms and the diversity of IoT malware make the detection and classification of IoT malware even more challenging. In this paper, we propose to use printable strings as an easy-to-get but effective cross-platform feature to identify IoT malware on different IoT platforms. The discriminating capability of these strings is verified using a set of machine learning algorithms on malware family classification across different platforms. The proposed scheme shows a 99% accuracy on a large-scale IoT malware dataset consisting of 120K executable files in executable and linkable format when the training and test are done on the same platform. Meanwhile, it also achieves a 96% accuracy when training is carried out on a few popular IoT platforms but test is done on different platforms. Efficient malware prevention and mitigation solutions can be enabled based on the proposed method to prevent and mitigate IoT malware damages across different platforms.
DOI: 10.1109/TrustCom50675.2020.00106
Citation Key: lee_cross_2020