Analyzing, Comparing, and Detecting Emerging Malware: A Graph-based Approach
Abstract
The growth in the number of Android and Internet of Things (IoT) devices has witnessed a parallel increase in the number of malicious software (malware), calling for new analysis approaches. We represent binaries using their graph properties of the Control Flow Graph (CFG) structure and conduct an in-depth analysis of malicious graphs extracted from the Android and IoT malware to understand their differences. Using 2,874 and 2,891 malware binaries corresponding to IoT and Android samples, we analyze both general characteristics and graph algorithmic properties. Using the CFG as an abstract structure, we then emphasize various interesting findings, such as the prevalence of unreachable code in Android malware, noted by the multiple components in their CFGs, and larger number of nodes in the Android malware, compared to the IoT malware, highlighting a higher order of complexity. We implement a Machine Learning based classifiers to detect IoT malware from benign ones, and achieved an accuracy of 97.9% using Random Forests (RF).
Cite
@article{arxiv.1902.03955,
title = {Analyzing, Comparing, and Detecting Emerging Malware: A Graph-based Approach},
author = {Hisham Alasmary and Aminollah Khormali and Afsah Anwar and Jeman Park and Jinchun Choi and DaeHun Nyang and Aziz Mohaisen},
journal= {arXiv preprint arXiv:1902.03955},
year = {2019}
}
Comments
This paper is accepted as a poster for ISOC NDSS 2019