An opcode‐based technique for polymorphic Internet of Things malware detection
Author(s) - Darabian Hamid, Dehghantanha Ali, Hashemi Sattar, Homayoun Sajad, Choo Kim-Kwang Raymond
Publication year - 2019
Publication title - Concurrency and Computation: Practice and Experience
Language(s) - English
Resource type - Journals
SCImago Journal Rank - 0.309
H-Index - 67
eISSN - 1532-0634
pISSN - 1532-0626
DOI - 10.1002/cpe.5173
Subject(s) - opcode, computer science, malware, support vector machine, artificial intelligence, perceptron, decision tree, adaboost, machine learning, preprocessor, internet of things, random forest, data mining, pattern recognition (psychology), artificial neural network, computer security, computer hardware
Summary - The increasing popularity of Internet of Things (IoT) devices makes them an attractive target for malware authors. In this paper, we use a sequential pattern mining technique to detect the most frequent opcode sequences of malicious IoT applications. Detected maximal frequent patterns (MFP) of opcode sequences can be used to differentiate malicious from benign IoT applications. We then evaluate the suitability of MFPs as a classification feature for K nearest neighbors (KNN), support vector machines (SVM), multilayer perceptron (MLP), AdaBoost, decision tree, and random forest classifiers. Specifically, we achieve an accuracy rate of 99% in the detection of unseen IoT malware. We also demonstrate the utility of our approach in detecting polymorphed IoT malware samples.
