An opcode‐based technique for polymorphic Internet of Things malware detection

Darabian, Hamid; Dehghantanha, Ali; Hashemi, Sattar; Homayoun, Sajad; Choo, Kim‐Kwang Raymond

doi:10.1002/cpe.5173

Cited by 74 publications

(27 citation statements)

References 32 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Pajouh et al [11] took the opcode sequences as discriminating features in the Long Short Term Memory (LSTM) algorithm and got an accuracy rate of 98.18% on a dataset consisted of 281 ARMbased malware and 270 ARM-based benignware. Darabian et al [12] counted the number of occurrence of each opcode, and found that malware uses some particular opcodes more frequently than benignware. The experimental results showed that the classifier could reach an accuracy of 99% in ARMbased IoT samples.…”

Section: B Malware Detection and Malware Family Classificationmentioning

confidence: 99%

“…As a result, assorted existing researches put focus on more efficient approaches based on static analysis, e.g., reverse engineering the binary programs of IoT malware [9]. In related work [10,11,12], experiment results with high detection rates are obtained by exploring the operation codes (opcodes) and control flow graphs (CFG) of the IoT malware. Nevertheless, these related work did not take factors such as the CPU architecture into consideration and the evaluation datasets suffer from drawbacks such as limited scale and class imbalance, which might result in biased results.…”

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

Efficient Detection and Classification of Internet-of-Things Malware Based on Byte Sequences from Executable Files

Wan

Ban

Cheng

et al. 2020

IEEE Open J. Comput. Soc.

View full text Add to dashboard Cite

The simple implementation and monotonous operation features make Internet of Things (IoT) vulnerable to malware attacks. In order to understand the behavior of IoT malware for further mitigation and prevention, static analysis on executable files of IoT malware is a feasible approach. However, current analysis approaches based on opcode or call-graph usually do not work well with the diversity in CPU architectures and are often resource demanding. In this paper, we propose an efficient scheme to detect and classify IoT malware programs leveraging machine learning methods. We show that reliable and efficient detection and classification can be implemented by exploring the essential discriminant information stored in the byte sequences at the entry points of executable programs. We demonstrate the performance of the proposed scheme using a large scale dataset composed of 111K benignware and 111K malware programs from 7 CPU architectures. The proposed scheme achieves near optimal generalization performance for malware detection (99.9% in accuracy) and for malware family classification (98.4% in accuracy). Moreover, when the CPU architecture information is considered in the learning, the proposed scheme combined with SVM classifiers can yield even higher generalization performance using fewer bytes from the executable files. The findings in this paper is promising for implementing a lightweight malware protection solution on IoT devices with limited resources.

show abstract

Section: B Malware Detection and Malware Family Classificationmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

Efficient Detection and Classification of Internet-of-Things Malware Based on Byte Sequences from Executable Files

Wan

Ban

Cheng

et al. 2020

IEEE Open J. Comput. Soc.

View full text Add to dashboard Cite

show abstract

“…However, designing effective and efficient malware detection approaches poses several challenges and still has open issues [30], for example due to counter-malware detection efforts by malware authors and cyber criminals. There are three major approaches for analyzing malware: static, dynamic and hybrid [31,32], each of them with their own pros and cons. Trying to mitigate some of the drawbacks of current static, dynamic and hybrid malware detection approaches, multi-view learning is a promising solution.…”

Section: Privacy and Security In Smart Computingmentioning

confidence: 99%

Smart computing and cyber technology for cyberization

et al. 2020

View full text Add to dashboard Cite

Following the well-known concepts of computerization and informatization, an emerging era of cyberization, which is considered as a reformation of the present physical, social and mental worlds, has become a hotly discussed trend in the new cyber world. Cyberization refers to using communication and computer technologies to interconnect computers and various electronic terminal devices distributed in different locations. It allows users to share software, hardware and data resources according to certain network protocols. Cyberization has greatly improved the practical utility of computers and has been widely applied in transportation, finance, business management, education, telecommunications, commerce, and so on in our daily life [1]. During the cyberization process, a large number of real things will conjugatively map to various kinds and levels of cyber existence in cyber world. It is said that cyberization has already taken place in a variety of fields along with the development of several emerging computing paradigms and information communication technologies, such as ubiquitous/ pervasive computing, social computing and networking, and wearable technologies, etc. Specifically, with the rapid growth of Internet of Things and cognitive cyber-physical systems, more and more digital things or cyber entities, are engaged or generated in the integrated cyber world. Emerging technologies in smart environments, such as smart computing and smart objects, become very significant, promising, and enabling issues in cyberization, to enhance

show abstract

“…Most mobile malware detection systems are focused on local file analysis [11]. Malware analysis involves two key techniques: static analysis and dynamic analysis [12]. Static analysis examines malware without actually executing it to find malicious characteristics or suspicious codes [13], while dynamic analysis (also known as behavior analysis) executes malware in a controlled and monitored environment to observe its behavior [14].…”

Section: Related Workmentioning

confidence: 99%

A Blockchain-based Framework for Detecting Malicious Mobile Applications in App Stores

Homayoun

Dehghantanha

Parizi

et al. 2019

2019 IEEE Canadian Conference of Electrical and Computer Engineering (CCECE)

Self Cite

View full text Add to dashboard Cite

The dramatic growth in smartphone malware shows that malicious program developers are shifting from traditional PC systems to smartphone devices. Therefore, security researchers are also moving towards proposing novel antimalware methods to provide adequate protection. This paper proposes a Blockchain-Based Malware Detection Framework (B2MDF) for detecting malicious mobile applications in mobile applications marketplaces (app stores). The framework consists of two internal and external private blockchains forming a dual private blockchain as well as a consortium blockchain for the final decision. The internal private blockchain stores feature blocks extracted by both static and dynamic feature extractors, while the external blockchain stores detection results as blocks for current versions of applications. B2MDF also shares feature blocks with third parties, and this helps antimalware vendors to provide more accurate solutions.

show abstract

An opcode‐based technique for polymorphic Internet of Things malware detection

Cited by 74 publications

References 32 publications

Efficient Detection and Classification of Internet-of-Things Malware Based on Byte Sequences from Executable Files

Efficient Detection and Classification of Internet-of-Things Malware Based on Byte Sequences from Executable Files

Smart computing and cyber technology for cyberization

A Blockchain-based Framework for Detecting Malicious Mobile Applications in App Stores

Contact Info

Product

Resources

About