Abstract

IoT devices are being exploited as entry points for cyberattacks due to security weaknesses. IoT malware variants have evolved as a result of vulnerabilities in IoT devices. This study investigates whether IoT malware can be detected across various malware families. An opcode sequence of malware can represent its family characteristics by utilizing opcode categories. Opcodes are grouped into 6 or 11 categories depending on their functions. Thus, a sequence of opcode categories can identify intrinsic characteristics of the family to which it belongs. By applying the entropy histogram, a 2D representation of a category sequence visually reveals innate patterns within homogeneous families. We find that benign samples and malware can be differentiated visually, as can correlated and uncorrelated malware. For the designed feature representation, machine learning algorithms (5-NN, SVM, Decision Tree, and Random Forest) are used, with the best case having a mean MCC or F1-score of over 98.0%. Overall, the 11 opcode category outperforms the 6 opcode category. The experiments have shown that evolved malware can be detected with a model learned from its precedent malware.
