Malware Detection in Internet of Things Devices Based on Association Models

Abstract

In recent years, attackers have shifted aggressively targeting Internet of Things devices. In this paper, we propose the association IoT malware detection model. Before being associated, the model goes through two processing phases, each having two types of static and dynamic features. The process consists of 3 main steps: (1) the files are extracted static feature (grayscale image) and dynamic feature (system call through V-Sandbox sandbox), (2) features are preprocessed and fed into the learning models; for the grayscale image feature, a convolutional neural network (CNN) is used; for the system call graph feature, traditional machine learning algorithms are used; (3) the results from the two learning models are combined by late fusion to decide the final prediction label for the input files. The performance of the proposed method was evaluated, and its detection accuracy was 99.14% better than in the static analysis and dynamic analysis, which had 99.06% and 98.08% detection accuracy, respectively.