Toward an approach using graph-theoretic for IoT botnet detection

IoT devices contribute significantly to everyday convenience, efficiency and labor productivity, and to reducing costs. However, because many manufacturers aim to speed up production and cut production costs, most IoT devices have weak security features and are easily infected by botnet malware. Static analysis of IoT botnet malware samples is a viable approach to fully understanding the behavior of IoT botnets, and from there to mitigating and preventing them. However, current analysis methods based on operation codes or function call graphs generally do not work well with the diversity of central processing unit (CPU) architectures and are often resource-intensive. In this paper, we propose a solution that uses graph-theoretic features that are effective in detecting IoT botnets. The main contribution of the paper is extracting a PSI graph from executable files and exploiting a representative set of features from the PSI graph, which has a negligible number of attributes but achieves positive performance for IoT botnet malware detection (94.84% accuracy).
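As an added illustration, not code from the paper, the following Python computes a compact graph-theoretic feature vector from a PSI-style graph. The abstract does not describe how the PSI graph is built from a binary or which features are used, so the edge construction (strings linked when they co-occur in one function) and the feature set below are assumptions, and the two sample graphs are constructed.

```python
from collections import deque

# Constructed sample PSI-style graphs: edges link printable strings that are
# assumed to co-occur in one function of the binary (assumption, not the
# paper's construction). Labels are for illustration only.
SAMPLE_GRAPHS = {
    "benign_sample": [
        ("main", "printf"), ("main", "fopen"), ("fopen", "/etc/config"),
        ("printf", "Usage: %s"), ("main", "exit"),
    ],
    "botnet_sample": [
        ("main", "socket"), ("main", "connect"), ("connect", "198.51.100.7"),
        ("main", "fork"), ("fork", "scanner"), ("scanner", "telnet"),
        ("scanner", "admin"), ("scanner", "root"), ("admin", "root"),
        ("main", "/bin/busybox"), ("telnet", "connect"),
    ],
}

def build_adjacency(edges):
    """Undirected adjacency sets; duplicate edges collapse naturally."""
    adj = {}
    for u, v in edges:
        adj.setdefault(u, set()).add(v)
        adj.setdefault(v, set()).add(u)
    return adj

def count_components(adj):
    """Number of connected components via breadth-first search."""
    seen, components = set(), 0
    for start in adj:
        if start in seen:
            continue
        components += 1
        queue, _ = deque([start]), seen.add(start)
        while queue:
            for nb in adj[queue.popleft()]:
                if nb not in seen:
                    seen.add(nb)
                    queue.append(nb)
    return components

def graph_features(edges):
    """Small attribute set usable as input to a classifier (assumed feature list)."""
    adj = build_adjacency(edges)
    n, m = len(adj), len({frozenset(e) for e in edges})
    degrees = [len(adj[v]) for v in adj]
    return {
        "nodes": n,
        "edges": m,
        "density": round(2 * m / (n * (n - 1)), 4) if n > 1 else 0.0,
        "avg_degree": round(sum(degrees) / n, 4) if n else 0.0,
        "max_degree": max(degrees) if degrees else 0,
        "components": count_components(adj),
    }
```

Each feature dictionary is one row of the attribute table that a classifier such as those in scikit-learn would be trained on; with a labelled corpus of PSI graphs, this is the stage at which accuracy figures like the one in the abstract are measured.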
