IoT Malware Classification Based on System Calls

Abstract

IoT devices play an important role in the industrial revolution 4.0. However, this type of device may exhibit specific security vulnerabilities that can be easily exploited to cause botnet attacks and other malicious activities. In this paper, we introduce a new method for classification and clustering of IoT malware behaviors through system call monitoring. Our method is constructed from multiple one-class SVM classifiers and has the ability to classify known malware with F1-Score over 98% and probability to detect unknown malware up to 97%. Unknown malware instances with similar behaviors can also be grouped together so new classes of malware will be discovered.