Abstract

In 2020, 639 million IoT devices were breached, but the number has almost doubled to 1.51 billion breached devices in just the first half of 2021. The limited computing capacity of IoT devices makes them highly vulnerable, and large-scale malware attacks have been conducted using them, as evidenced by the Mirai 2016 botnet, which infected 15 million IoT devices. This stresses the need for enhancements in IoT security, especially in the domain of IoT malware detection. The majority of the research on IoT malware detection is focused on static analysis methods which do not take packers and obfuscation techniques into account. A moderate amount of research is done on the dynamic analysis methods, but such methods fail when the sample’s architecture is not supported. Hybrid analysis methods are also not widely explored even though they are capable of learning more meaningful features than just static or dynamic analysis methods alone. To this end, we have proposed a new sandbox and a novel hybrid detection model that is cross-architectural and capable of dealing with obfuscated and packed samples. Our proposed hybrid model works well even when one of the analysis methods, static or dynamic analysis, fails. We have trained our hybrid model on a dataset of 3145 samples with 2210 malware samples and 935 benign samples. Our model achieves an accuracy of 99.18% with an MCC score of 0.98.

Talk to us

Join us for a 30 min session where you can share your feedback and ask us any queries you have

Schedule a call

Disclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.