A Cross-Platform Study on IoT Malware

2018 Eleventh International Conference on Mobile Computing and Ubiquitous Network (ICMU) (2018)

Abstract
Attacks on Internet of Things (IoT) devices are on the rise. Because they lack basic security monitoring and protection mechanisms, many of these devices are infected with malware and forced to join attack campaigns on the Internet. Efficient precaution against and mitigation of emerging IoT malware can only be pursued after in-depth analysis of captured malware samples. To enable efficient countermeasures against IoT malware, in this paper we present a multi-level analysis of IoT malware programs based on static and dynamic analysis. To do so, we first use an entropy-based method to differentiate packed malware samples from non-packed ones. Then, characterizing information from static and dynamic analysis is vectorized and examined by t-SNE, which provides a visual hint on the interpretability of different features. Finally, an efficient classifier, namely the support vector machine (SVM), is applied to the vector presentations of the malware for quantitative evaluation. Experiments show that opcode sequences obtained from static analysis provide sufficient discriminant information such that IoT malware can be classified with near-optimal accuracy.
Keywords
Malware, Entropy, Support vector machines, Feature extraction, Internet of Things, Static analysis, Data visualization