Static Classification of IoT Malware using Grayscale Image Representation and Lightweight Convolutional Neural Networks

Abstract

The widespread of the Internet of Things (IoT) has made it a good target for adversaries to carry out sophisticated cyberattacks. A critical point has been reached in IoT security in 2016 through a major distributed denial of service attack that disturbed the operation of large Internet service providers and online services, carried out by a new IoT malware named Mirai. The release of its source code online led to the emergence of new malware types and the reemergence of old ones such as Gafgyt who has been around since 2014. In this context, quickly identifying the family of malware enables security professionals to apply suitable countermeasures. However, IoT malware classification is still in its infancy as most classification approaches require some domain expertise. In this work, we propose a malware classification approach of grayscale image representation of malware binaries using a new machine learning model in the form of a lightweight convolutional neural network. Using a dataset of more than 89,000 malware samples, we were able to predict correctly 9 malware classes with 95% accuracy. Our approach outperforms other evaluated CNN-based classifiers by more than 4%.