Comparison of Three Deep Learning-based Approaches for IoT Malware Detection

“…Nguyen et al [40] proposed "BE-PUM" -Binary code analyzer based on dynamic symbolic execution on x86that overcomes obfuscation for precise malware disassembly. IoT malwares do not employ obfuscation as frequently as PC malware.…”

“…Allows data recovery and reverse engineering hexedit -Helps to view/edit files in hex or ASCII IDAPro [28], [18], [34], [35], [36], [30] Prominently used interactive disassembler and debugger tool magic -file command's magic pattern file nucleus [28] A structural control flow graph analysis based compiler agnostic function detection tool for binaries proposed by Andriesse et al [37]. obj(ect)dump [38], [39], [40] Information dump about object files including intended target instruction set architecture (ISA) and structural information. Relies on BFD.…”

“…The encoding of text information in the actual binary is often overlooked, and a default encoding of UTF-8 is assumed. Several models work well under this assumption for Windows [65], [66], [67], and Linux [40] platforms, yet the effect of considering the actual encoding is largely unexplored.…”

“…instruction sequences, or simply the whole file [21]. Various entropy measures are available such as Shannon entropy [40].…”

“…Both recommendations are provided in Tables 5 and 6. It is an extension of the grayscale representation described above, where conversion to a colored format is done by extending grayscale values to RGB channel values using tools like BinVis 1 , as done by Nguyen et al in [40].…”

A Survey on Cross-Architectural IoT Malware Threat Hunting

“…Nguyen et al [40] proposed "BE-PUM" -Binary code analyzer based on dynamic symbolic execution on x86that overcomes obfuscation for precise malware disassembly. IoT malwares do not employ obfuscation as frequently as PC malware.…”

“…Allows data recovery and reverse engineering hexedit -Helps to view/edit files in hex or ASCII IDAPro [28], [18], [34], [35], [36], [30] Prominently used interactive disassembler and debugger tool magic -file command's magic pattern file nucleus [28] A structural control flow graph analysis based compiler agnostic function detection tool for binaries proposed by Andriesse et al [37]. obj(ect)dump [38], [39], [40] Information dump about object files including intended target instruction set architecture (ISA) and structural information. Relies on BFD.…”

“…The encoding of text information in the actual binary is often overlooked, and a default encoding of UTF-8 is assumed. Several models work well under this assumption for Windows [65], [66], [67], and Linux [40] platforms, yet the effect of considering the actual encoding is largely unexplored.…”

“…instruction sequences, or simply the whole file [21]. Various entropy measures are available such as Shannon entropy [40].…”

“…Both recommendations are provided in Tables 5 and 6. It is an extension of the grayscale representation described above, where conversion to a colored format is done by extending grayscale values to RGB channel values using tools like BinVis 1 , as done by Nguyen et al in [40].…”

A Survey on Cross-Architectural IoT Malware Threat Hunting

A Comparison Between Different Machine Learning Models for IoT Malware Detection

On the Impact of Network Data Balancing in Cybersecurity Applications