Publication Type
Conference Proceeding Article
Version
acceptedVersion
Publication Date
1-2023
Abstract
Our society is rapidly moving towards the digital age, which has led to a sharp increase in IoT networks and devices. This growth requires more network security professionals who focus on protecting IoT systems. One crucial task is to analyze malicious software to gain a deeper understanding of its functionalities and of how to respond to it. However, malware analysis is a complex process that requires the use of various analysis tools, including advanced reverse engineering techniques. For beginners, parsing complex binary data can be particularly challenging, as they may be unfamiliar with these tools and with the basic principles of analysis. Even for experienced analysts, understanding reverse-engineered binary files and assembly listings is daunting.

Facing these challenges, we propose a two-fold solution. Firstly, we create a detailed list of analysis tools and construct a malware analysis framework aimed at simplifying the analysis process. The framework lists the key data points that need to be addressed in the analysis, providing analysts with the tools and information needed for effective malware analysis. Secondly, we demonstrate advanced analysis techniques by providing analysis scripts that automate the reverse engineering process in malware analysis. To evaluate the accuracy of our behavior classification system, we use our framework and analysis scripts to analyze known malware samples. Then, we compare the accuracy of the script-based analysis results and evaluate their ability to identify malicious software behavior. Our research results indicate that, by following our framework and using our scripts, we can detect over 80% of critical malware behaviors in known samples, which highlights the potential of simplifying the process of malware analysis and making it easier to learn and implement.
Keywords
Automatic analysis, IoT malware, Malicious behavior analysis
Discipline
Information Security
Publication
2023 International Conference on Data Mining, ICDM: Shanghai, December 1-4: Proceedings
First Page
1332
Last Page
1341
ISBN
9798350381641
Identifier
10.1109/ICDMW60847.2023.00171
Publisher
IEEE Computer Society
City or Country
Washington, DC
Citation
LI, Sen; GE, Mengmeng; FENG, Ruitao; LI, Xiaohong; and LAM, Kwok Yan.
Automatic detection and analysis towards malicious behavior in IoT malware. (2023). 2023 International Conference on Data Mining, ICDM: Shanghai, December 1-4: Proceedings. 1332-1341.
Available at: https://ink.library.smu.edu.sg/sis_research/8701
Creative Commons License
This work is licensed under a Creative Commons Attribution-NonCommercial-No Derivative Works 4.0 International License.
Additional URL
https://doi.org/10.1109/ICDMW60847.2023.00171