Machine Learning Framework to Analyze IoT Malware Using ELF and Opcode Features

Chin Wei Tien; Shang Wen Chen; Tao Ban; Sy Yen Kuo

doi:10.1145/3378448

Machine Learning Framework to Analyze IoT Malware Using ELF and Opcode Features

Chin Wei Tien, Shang Wen Chen, Tao Ban, Sy Yen Kuo

Research output: Contribution to journal › Journal Article › peer-review

52 Scopus citations

Abstract

Threats to devices that are part of the Internet of Things (IoT) are on the rise. Owing to the overwhelming diversity of IoT hardware and software, as well as its variants, conventional anti-virus techniques based on the Windows paradigm cannot be applied directly to counter threats to the IoT devices. In this article, we propose a framework that can efficiently analyze IoT malware in a wide range of environments. It consists of a universal feature representation obtained by static analysis of the malware and a machine learning scheme that first detects the malware and then classifies it into a known category. The framework was evaluated by applying it to a recently developed dataset consisting of more than 6,000 IoT malware samples collected from the HoneyPot project. The results show that the proposed method can obtain near-optimal accuracy in terms of the detection and classification of malware targeting IoT devices.

Original language	English
Article number	3378448
Journal	Digital Threats: Research and Practice
Volume	1
Issue number	1
DOIs	https://doi.org/10.1145/3378448
State	Published - 16 03 2020
Externally published	Yes

Bibliographical note

Publisher Copyright:
© 2020 Owner/Author.

Keywords

ELF analysis
IoT security
machine learning
malware classification
malware detection
opcode analysis

Access to Document

10.1145/3378448

Cite this

@article{27c7b2edd59f432da4b405b53c2b32bc,

title = "Machine Learning Framework to Analyze IoT Malware Using ELF and Opcode Features",

abstract = "Threats to devices that are part of the Internet of Things (IoT) are on the rise. Owing to the overwhelming diversity of IoT hardware and software, as well as its variants, conventional anti-virus techniques based on the Windows paradigm cannot be applied directly to counter threats to the IoT devices. In this article, we propose a framework that can efficiently analyze IoT malware in a wide range of environments. It consists of a universal feature representation obtained by static analysis of the malware and a machine learning scheme that first detects the malware and then classifies it into a known category. The framework was evaluated by applying it to a recently developed dataset consisting of more than 6,000 IoT malware samples collected from the HoneyPot project. The results show that the proposed method can obtain near-optimal accuracy in terms of the detection and classification of malware targeting IoT devices.",

keywords = "ELF analysis, IoT security, machine learning, malware classification, malware detection, opcode analysis",

author = "Tien, \{Chin Wei\} and Chen, \{Shang Wen\} and Tao Ban and Kuo, \{Sy Yen\}",

note = "Publisher Copyright: {\textcopyright} 2020 Owner/Author.",

year = "2020",

month = mar,

day = "16",

doi = "10.1145/3378448",

language = "英语",

volume = "1",

journal = "Digital Threats: Research and Practice",

issn = "2576-5337",

publisher = "Association for Computing Machinery",

number = "1",

}

TY - JOUR

T1 - Machine Learning Framework to Analyze IoT Malware Using ELF and Opcode Features

AU - Tien, Chin Wei

AU - Chen, Shang Wen

AU - Ban, Tao

AU - Kuo, Sy Yen

PY - 2020/3/16

Y1 - 2020/3/16

N2 - Threats to devices that are part of the Internet of Things (IoT) are on the rise. Owing to the overwhelming diversity of IoT hardware and software, as well as its variants, conventional anti-virus techniques based on the Windows paradigm cannot be applied directly to counter threats to the IoT devices. In this article, we propose a framework that can efficiently analyze IoT malware in a wide range of environments. It consists of a universal feature representation obtained by static analysis of the malware and a machine learning scheme that first detects the malware and then classifies it into a known category. The framework was evaluated by applying it to a recently developed dataset consisting of more than 6,000 IoT malware samples collected from the HoneyPot project. The results show that the proposed method can obtain near-optimal accuracy in terms of the detection and classification of malware targeting IoT devices.

AB - Threats to devices that are part of the Internet of Things (IoT) are on the rise. Owing to the overwhelming diversity of IoT hardware and software, as well as its variants, conventional anti-virus techniques based on the Windows paradigm cannot be applied directly to counter threats to the IoT devices. In this article, we propose a framework that can efficiently analyze IoT malware in a wide range of environments. It consists of a universal feature representation obtained by static analysis of the malware and a machine learning scheme that first detects the malware and then classifies it into a known category. The framework was evaluated by applying it to a recently developed dataset consisting of more than 6,000 IoT malware samples collected from the HoneyPot project. The results show that the proposed method can obtain near-optimal accuracy in terms of the detection and classification of malware targeting IoT devices.

KW - ELF analysis

KW - IoT security

KW - machine learning

KW - malware classification

KW - malware detection

KW - opcode analysis

UR - https://www.scopus.com/pages/publications/85126169272

U2 - 10.1145/3378448

DO - 10.1145/3378448

M3 - 文章

AN - SCOPUS:85126169272

SN - 2576-5337

VL - 1

JO - Digital Threats: Research and Practice

JF - Digital Threats: Research and Practice

IS - 1

M1 - 3378448

ER -

Machine Learning Framework to Analyze IoT Malware Using ELF and Opcode Features

Abstract

Bibliographical note

Keywords

Access to Document

Other files and links

Fingerprint

Cite this