Automatic detection and analysis towards malicious behavior in IoT malware

Our society is rapidly moving towards the digital age, which has led to a sharp increase in IoT networks and devices. This growth requires more network security professionals, who are focused on protecting IoT systems. One crucial task is to analyze malicious software to gain a deeper understanding...

Full description

Saved in:
Bibliographic Details
Main Authors: LI, Sen, GE, Mengmeng, FENG, Ruitao, LI, Xiaohong, LAM, Kwok Yan
Format: text
Language:English
Published: Institutional Knowledge at Singapore Management University 2023
Subjects:
Online Access:https://ink.library.smu.edu.sg/sis_research/8701
https://ink.library.smu.edu.sg/context/sis_research/article/9704/viewcontent/AutomaticDetection_IoT_av.pdf
Tags: Add Tag
No Tags, Be the first to tag this record!
Institution: Singapore Management University
Language: English
Description
Summary:Our society is rapidly moving towards the digital age, which has led to a sharp increase in IoT networks and devices. This growth requires more network security professionals, who are focused on protecting IoT systems. One crucial task is to analyze malicious software to gain a deeper understanding of its functionalities and response methods. However, malware analysis is a complex process that requires the use of various analysis tools, including advanced reverse engineering techniques. For beginners, parsing complex binary data can be particularly challenging as they may be strange with these tools and the basic principles of analysis. Even for experienced analysts, understanding reverse engineering binary files and assembly lists is daunting.Facing these challenges, we propose a two-fold solution. Firstly, we create a detailed list of analysis tools and construct a malware analysis framework aimed at simplifying the analysis process. The framework will list the key data points that need to be addressed in the analysis, providing analysts with the tools and information needed for effective malware analysis. Secondly, we will demonstrate that advanced analysis techniques by providing analysis scripts which automate the reverse engineering process in malware analysis. To evaluate the accuracy of our behavior classification system, we will use our framework and analysis scripts to analyze known malware samples. Then, we will compare the accuracy of script-based analysis results and evaluate their ability to identify malicious software behavior. Our research results indicate that by following our framework and using our scripts, we can detect over 80% critical malware behaviors in known samples, which highlights the potential of simplifying the process of malware analysis, making it easier to learn and implement.