{"title":"Detecting IoT Malware by Markov Chain Behavioral Models","authors":"M. Ficco","doi":"10.1109/IC2E.2019.00037","DOIUrl":null,"url":null,"abstract":"Internet of Things (IoT) is become one of the most important technological sector in recent years, and the focus of attention in many fields, including military applications, healthcare, agriculture, industry, and space science, made it very attractive for cyber-attacks. Especially for the wide diffusion of the Adroid platform, the IoT devices are become one of the main targets of malware threats. Considering the great Android market share, it is needed to build effective tools able of detecting zero-day malware. Therefore, several static and dynamic analysis methods have been proposed in the literature. In this work, the sequences of API calls invoked by apps during their execution are modeled by Markov chains, and used to extract features of the apps through the time, needed for malware classification. The considered dataset includes 22K benign applications and 24K malware collected over different shared datasets. Experimental results show that the Markov chain approach detects malware with up to 89% F-measure and outperforms approaches based on API calls frequency.","PeriodicalId":226094,"journal":{"name":"2019 IEEE International Conference on Cloud Engineering (IC2E)","volume":"111 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2019-06-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"28","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"2019 IEEE International Conference on Cloud Engineering (IC2E)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/IC2E.2019.00037","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
Citations: 28
Abstract
The Internet of Things (IoT) has become one of the most important technological sectors in recent years, and being the focus of attention in many fields, including military applications, healthcare, agriculture, industry, and space science, has made it very attractive for cyber-attacks. Especially because of the wide diffusion of the Android platform, IoT devices have become one of the main targets of malware threats. Considering the large Android market share, it is necessary to build effective tools capable of detecting zero-day malware. Therefore, several static and dynamic analysis methods have been proposed in the literature. In this work, the sequences of API calls invoked by apps during their execution are modeled by Markov chains and used to extract features of the apps over time, as needed for malware classification. The considered dataset includes 22K benign applications and 24K malware collected over different shared datasets. Experimental results show that the Markov chain approach detects malware with up to 89% F-measure and outperforms approaches based on API call frequency.