IoT Malware Detection and Family Classification Using Entropy Time Series Data Extraction and Recurrent Neural Networks


KIPS Transactions on Software and Data Engineering, Vol. 11, No. 5, pp. 197-202, May 2022
https://doi.org/10.3745/KTSDE.2022.11.5.197
Keywords: Internet of Things, Machine Learning, Malware detection, Malware Family Classification
Abstract

IoT (Internet of Things) devices are attacked by malware because of many security vulnerabilities, such as weak IDs/passwords and unauthenticated firmware updates. However, the diversity of CPU architectures makes it difficult to set up a malware analysis environment and to design features. In this paper, we design time series features from the byte sequence of executable files so that the features are independent of CPU architecture, and analyze them using recurrent neural networks. The proposed feature is a fixed-length time series pattern extracted from the byte sequence by calculating partial entropy and applying linear interpolation. Temporal changes in the extracted feature are analyzed by RNN and LSTM. In the experiments, IoT malware detection showed high performance, while malware family classification showed low performance. When the entropy patterns of each malware family were compared visually, the Tsunami and Gafgyt families showed similar patterns, which resulted in the low performance. LSTM is more suitable than RNN for learning temporal changes in the proposed malware features.
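
The feature extraction the abstract describes (partial entropy over the byte sequence, then linear interpolation to a fixed length) can be sketched as follows. This is an added example, not the authors' code: the non-overlapping 256-byte window, the output length of 64 and all function names are assumptions, since the abstract does not state them.

```python
import math
from collections import Counter

def shannon_entropy(chunk: bytes) -> float:
    """Shannon entropy of a byte chunk in bits per byte (0.0 to 8.0)."""
    if not chunk:
        return 0.0
    n = len(chunk)
    return -sum((c / n) * math.log2(c / n) for c in Counter(chunk).values())

def partial_entropy(data: bytes, window: int = 256) -> list[float]:
    """Entropy of each consecutive window; the series length depends on file size."""
    return [shannon_entropy(data[i:i + window]) for i in range(0, len(data), window)]

def resample_linear(series: list[float], length: int = 64) -> list[float]:
    """Linearly interpolate a variable-length series onto `length` evenly spaced points."""
    if not series:
        return [0.0] * length          # empty file: flat zero pattern
    if len(series) == 1 or length == 1:
        return [series[0]] * length    # nothing to interpolate between
    step = (len(series) - 1) / (length - 1)
    out = []
    for k in range(length):
        pos = k * step
        lo = min(int(pos), len(series) - 2)   # clamp so lo + 1 stays in range
        frac = pos - lo
        out.append(series[lo] * (1 - frac) + series[lo + 1] * frac)
    return out

def entropy_feature(data: bytes, window: int = 256, length: int = 64) -> list[float]:
    """Fixed-length entropy time series, computed from raw bytes only (no disassembly)."""
    return resample_linear(partial_entropy(data, window), length)

# Constructed sample standing in for an executable: a zero-padded region,
# a region with uniformly distributed bytes, and a low-variety region.
SAMPLE = bytes(1024) + bytes(range(256)) * 4 + b"AB" * 512

if __name__ == "__main__":
    print([round(v, 2) for v in entropy_feature(SAMPLE, length=16)])
```

Because the series is computed from raw bytes, files of any size or CPU architecture map to a sequence of the same length, which is what lets a single RNN or LSTM consume them.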



Cite this article
[IEEE Style]
Y. Kim, H. Lee, D. Hwang, "IoT Malware Detection and Family Classification Using Entropy Time Series Data Extraction and Recurrent Neural Networks," KIPS Transactions on Software and Data Engineering, vol. 11, no. 5, pp. 197-202, 2022. DOI: https://doi.org/10.3745/KTSDE.2022.11.5.197.

[ACM Style]
Youngho Kim, Hyunjong Lee, and Doosung Hwang. 2022. IoT Malware Detection and Family Classification Using Entropy Time Series Data Extraction and Recurrent Neural Networks. KIPS Transactions on Software and Data Engineering, 11, 5, (2022), 197-202. DOI: https://doi.org/10.3745/KTSDE.2022.11.5.197.