Malware on devices connected to the Internet via the Internet of Things (IoT) is evolving and is a core component of the fourth industrial revolution. IoT devices use the MIPS architecture with a large proportion running on embedded Linux operating systems, but the automatic analysis of IoT malware has not been resolved. We proposed a framework to classify malware in IoT devices by using MIPS-based system behavior (system call—syscall) obtained from our F-Sandbox passive process and machine learning techniques. The F-Sandbox is a new type for IoT sandbox, automatically created from the real firmware of the specialized IoT devices, inheriting the specialized environment in the real firmware, therefore creating a diverse environment for sandboxing as an important characteristic of IoT sandbox. This framework classifies five families of IoT malware with F1-Weight = 97.44%.
Control flow-based feature extraction method has the ability to detect malicious code with higher accuracy than traditional text-based methods. Unfortunately, this method has been encountered with the NP-hard problem, which is infeasible for the large-sized and high-complexity programs. To tackle this, we propose a control flow-based feature extraction dynamic programming algorithm for fast extraction of control flow-based features with polynomial time O($N^{2}$), where N is the number of basic blocks in decompiled executable codes. From the experimental results, it is demonstrated that the proposed algorithm is more efficient and effective in detecting malware than the existing ones. Applying our algorithm to an Internet of Things dataset gives better results on three measures: Accuracy = 99.05%, False Positive Rate = 1.31% and False Negative Rate = 0.66%.
Nowadays, there are many discussions on the fourth industrial revolution with a combination of real physical and virtual systems (Cyber Physical Systems), Internet of Things (IoT) and Internet of Services (IoS). Along with this revolution is the rapid development of malicious code on IoT devices, leading to not only the risk of personal privacy information leaking but also the risk of network security in general. In this paper, we propose C500-toolkit, a novel tool for malware detection in Commercial-off-the-shelf routers, based on dynamic analysis approach. The main contribution of C500-toolkit is to provide an environment for fully emulating router firmware image including both operating system and web-interface. To show the advantage of C500-toolkit, experiments of this tool with embedded malwares Linux/TheMoon and Linux/Mirai are presented
scite is a Brooklyn-based organization that helps researchers better discover and understand research articles through Smart Citations–citations that display the context of the citation and describe whether the article provides supporting or contrasting evidence. scite is used by students and researchers from around the world and is funded in part by the National Science Foundation and the National Institute on Drug Abuse of the National Institutes of Health.