Subgraph-Based Adversarial Examples Against Graph-Based IoT Malware Detection Systems

Abstract

Internet of Things (IoT) has become widely adopted in many fields, including industry, social networks, health care, and smart homes, connecting billions of IoT devices through the internet. Understanding and studying IoT malware through analysis using various approaches, such as Control Flow Graph (CFG)-based features and then applying deep learning detection, are widely explored. In this study, we investigate the robustness of such models against adversarial attacks. Our approach crafts the adversarial IoT software using the Subgraph Embedding and Augmentation (SGEA) method that reduces the embedded size required to cause misclassification. Intensive experiments are conducted to evaluate the performance of the proposed method. We observed that SGEA approach is able to misclassify all IoT malware samples as benign by embedding an average size of 6.8 nodes. This highlights that the current detection systems are prone to adversarial examples attacks; thus, there is a need to build more robust systems to detect such manipulated features generated by adversarial examples.