Analyzing and Detecting Emerging Internet of Things Malware: A Graph-Based Approach

The steady growth in the number of deployed Internet of Things (IoT) devices has been paralleled with an equal growth in the number of malicious software (malware) targeting those devices. In this paper, we build a detection mechanism of IoT malware utilizing control flow graphs (CFGs). To motivate for our detection mechanism, we contrast the underlying characteristics of IoT malware to other types of malware—Android malware, which are also Linux-based—across multiple features. The preliminary analyses reveal that the Android malware have high density, strong closeness and betweenness, and a larger number of nodes. We show that IoT malware samples have a large number of edges despite a smaller number of nodes, which demonstrate a richer flow structure and higher complexity. We utilize those various characterizing features as a modality to build a highly effective deep learning-based detection model to detect IoT malware. To test our model, we use CFGs of about 6000 malware and benign IoT disassembled samples, and show a detection accuracy of $\approx 99.66$ %.