Large-scale IoT malware analysis and classification method

Authors
He Q. [1, 2]
Wang L. [2]
Luo B. [1]
Yang L. [3]
Affiliations
[1] National Computer Network Emergency Response Technical Team/Coordination Center of China, Beijing
[2] School of Computer Science and Engineering, Beihang University, Beijing
[3] School of Cybersecurity, Northwestern Polytechnical University, Xi'an
Keywords
Classification; Graph learning; Internet of things (IoT); Malware; Text learning;
DOI
10.13700/j.bh.1001-5965.2020.0401
Abstract
Recently, Internet of things (IoT) malware has emerged in large numbers and attacks IoT devices in cyberspace. However, because of the open-source problem, the family characteristics of IoT malware are not obvious, so a more fine-grained malware classification method is needed to support advanced-threat malware discovery and attack-organization tracking. To address this problem, we conducted a large-scale analysis of 157 911 IoT malware samples found from May 2019 to May 2020 and labeled a dataset of 12 278 samples in 9 categories. We then propose an IoT malware classification method whose main idea is to extract complex structural features, including the function call graph (FCG) and text, by static reverse analysis. Features are learned using graph representation learning and text representation learning, and experiments on the labeled dataset show that the average recall rate is 88.1%. Our method has been put into practice and works well. © 2022, Editorial Board of JBUAA. All rights reserved.
Pages: 240 / 248
Page count: 8