The Approach for IoT Malware Detection Based on Opcodes Sequences Pattern Mining

Abstract

In recent years, the area of IoT malware detection has been at the forefront of the security community. Due to lack the latest cybersecurity requirements in IoT devices design, lack of security updates and transparency of security posture, as well as due to the IoT devices specific characteristics, such as heterogeneity of the processor architecture, unsafe deployment of IoT devices, as well as exponential growth in the number of IoT devices - all this leads to an increase in the number of malware targeting IoT devices. The paper presents the new approach for IOT malware detection based on opcodes (operation codes) sequences pattern mining. The proposed approach uses mining of maximal sequential patterns of operation codes from assembly representation of IoT binary executable. Most distinctive of maximal sequential patterns are selected and for each of them estimations of their relevance are performed. Based on these relevance the feature vectors are built which described assembly representation of IoT binary executable. As a classifier Fuzzy Semi-Supervised C-Means classifier was applied. The experimental results shows that the proposed approach allows detecting IOT malware with height effectiveness, with accuracy 99,51 % and F <inf xmlns:mml="http://www.w3.org/1998/Math/MathML" xmlns:xlink="http://www.w3.org/1999/xlink">1</inf> -score at level 99,50%.