Unmasking the lurking: Malicious behavior detection for IoT malware with multi-label classification
Current methods for classifying IoT malware predominantly utilize binary and family classifications. However, these outcomes lack the detailed granularity to describe malicious behavior comprehensively. This limitation poses challenges for security analysts, failing to support further analysis and t...
Main Authors: | FENG, Ruitao; LI, Sen; CHEN, Sen; GE, Mengmeng; LI, Xuewei; LI, Xiaohong |
---|---|
Format: | text |
Language: | English |
Published: | Institutional Knowledge at Singapore Management University 2024 |
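Subjects: | IoT malware; Malicious behavior detection; Masked Graph Embedding; Multi-label classification; Information Security |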
Online Access: | https://ink.library.smu.edu.sg/sis_research/8974 https://ink.library.smu.edu.sg/context/sis_research/article/9977/viewcontent/3652032.3657577_pvoa_cc_by_nc_nd.pdf |
Institution: | Singapore Management University |
id |
sg-smu-ink.sis_research-9977 |
---|---|
record_format |
dspace |
spelling |
sg-smu-ink.sis_research-99772024-07-25T08:35:49Z Unmasking the lurking: Malicious behavior detection for IoT malware with multi-label classification FENG, Ruitao LI, Sen CHEN, Sen GE, Mengmeng LI, Xuewei LI, Xiaohong Current methods for classifying IoT malware predominantly utilize binary and family classifications. However, these outcomes lack the detailed granularity to describe malicious behavior comprehensively. This limitation poses challenges for security analysts, failing to support further analysis and timely preventive actions. To achieve fine-grained malicious behavior identification in the lurking stage of IoT malware, we propose MaGraMal. This approach, leveraging masked graph representation, supplements traditional classification methodology, empowering analysts with critical insights for rapid responses. Through the empirical study, which took three person-months, we identify and summarize four fine-grained malicious behaviors during the lurking stage, constructing an annotated dataset. Our evaluation of 224 algorithm combinations results in an optimized model for IoT malware, achieving an accuracy of 75.83%. The maximum improvement brought by the hybrid features and graph masking achieves 5% and 4.16%, respectively. The runtime overhead analysis showcases MaGraMal’s superiority over the existing dynamic analysis-based detection tool (12x faster). This pioneering work combines machine learning and static features for malicious behavior profiling. 
2024-06-01T07:00:00Z text application/pdf https://ink.library.smu.edu.sg/sis_research/8974 info:doi/10.1145/3652032.3657577 https://ink.library.smu.edu.sg/context/sis_research/article/9977/viewcontent/3652032.3657577_pvoa_cc_by_nc_nd.pdf http://creativecommons.org/licenses/by/3.0/ Research Collection School Of Computing and Information Systems eng Institutional Knowledge at Singapore Management University IoT malware Malicious behavior detection Masked Graph Embedding Multi-label classification Information Security |
institution |
Singapore Management University |
building |
SMU Libraries |
continent |
Asia |
country |
Singapore |
content_provider |
SMU Libraries |
collection |
InK@SMU |
language |
English |
topic |
IoT malware; Malicious behavior detection; Masked Graph Embedding; Multi-label classification; Information Security |
description |
Current methods for classifying IoT malware predominantly utilize binary and family classifications. However, these outcomes lack the detailed granularity to describe malicious behavior comprehensively. This limitation poses challenges for security analysts, failing to support further analysis and timely preventive actions. To achieve fine-grained malicious behavior identification in the lurking stage of IoT malware, we propose MaGraMal. This approach, leveraging masked graph representation, supplements traditional classification methodology, empowering analysts with critical insights for rapid responses. Through the empirical study, which took three person-months, we identify and summarize four fine-grained malicious behaviors during the lurking stage, constructing an annotated dataset. Our evaluation of 224 algorithm combinations results in an optimized model for IoT malware, achieving an accuracy of 75.83%. The maximum improvement brought by the hybrid features and graph masking achieves 5% and 4.16%, respectively. The runtime overhead analysis showcases MaGraMal’s superiority over the existing dynamic analysis-based detection tool (12x faster). This pioneering work combines machine learning and static features for malicious behavior profiling. |
format |
text |
author |
FENG, Ruitao; LI, Sen; CHEN, Sen; GE, Mengmeng; LI, Xuewei; LI, Xiaohong |
title |
Unmasking the lurking: Malicious behavior detection for IoT malware with multi-label classification |
publisher |
Institutional Knowledge at Singapore Management University |
publishDate |
2024 |
url |
https://ink.library.smu.edu.sg/sis_research/8974 https://ink.library.smu.edu.sg/context/sis_research/article/9977/viewcontent/3652032.3657577_pvoa_cc_by_nc_nd.pdf |