Detecting Malware on X86-Based IoT Devices in Autonomous Driving

Abstract

X86-based software runs on some mainstream autonomous driving systems to perform intelligent operations and help to significantly improve driving safety. However, vulnerabilities of software in autonomous driving can lead to vehicle components and systems being attacked, which ultimately affects the work of the autonomous vehicle. Although many scholars have detected malware on X86-based Internet of Things (IoT) devices through static or dynamic analysis, these methods cannot be directly ported to X86-based IoT devices in autonomous driving because of hardware and software capabilities and real-time requirements. In this work, we propose the detection of malware on X86-based IoT devices in an autonomous driving approach combining fusion features from static analysis and machine learning to solve problems of resource overhead for dynamic analysis and low accuracy of the static analysis. First, a feature extraction model based on the level of operation code is designed. Then fusion features at three different levels are extracted through unpacking programs. Finally, a detection model based on Extreme Gradient Boosting (XGBoost) is used to discover malware on X86-based IoT devices in autonomous driving. On this basis, a malware detection approach based on fusion features is demonstrated. After that, we compare our approach with other identification approaches on a dataset consisting of 4169 samples, which includes 2379 malware and 1790 benign programs. Experimental results show that fusion features can significantly increase the recognition rate. Moreover, XGBoost has a higher recognition accuracy than other mainstream classification algorithms.