Feb 11, 2019

Analyzing, Comparing, and Detecting Emerging Malware: A Graph-based Approach

arXiv:1902.03955v1 (4 citations)
AI Analysis

This work addresses malware detection for Android and IoT security, but it is incremental as it applies existing graph-based methods to new data.

The researchers tackled the problem of increasing malware on Android and IoT devices by analyzing and comparing their control flow graph structures, finding that Android malware is more complex with unreachable code, and achieved 97.9% accuracy in detecting IoT malware using Random Forests.

The growth in the number of Android and Internet of Things (IoT) devices has been accompanied by a parallel increase in the number of malicious software (malware) samples, calling for new analysis approaches. We represent binaries by the graph properties of their Control Flow Graph (CFG) structure and conduct an in-depth analysis of the malicious graphs extracted from Android and IoT malware to understand their differences. Using 2,874 IoT and 2,891 Android malware binaries, we analyze both general characteristics and graph-algorithmic properties. Using the CFG as an abstract structure, we then highlight several interesting findings, such as the prevalence of unreachable code in Android malware, visible as multiple components in their CFGs, and the larger number of nodes in Android malware compared to IoT malware, indicating a higher order of complexity. We implement Machine Learning based classifiers to distinguish IoT malware from benign samples and achieve an accuracy of 97.9% using Random Forests (RF).
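The abstract reasons about CFGs through graph-algorithmic properties: node count as a proxy for complexity, and multiple weakly connected components as evidence of unreachable code. The following is an added example (not code from the paper or its authors) that computes such a feature vector from a CFG given as a successor map. The two CFGs are constructed toy inputs, one shaped like the paper's Android finding (an orphan component that the entry block never reaches) and one small, fully connected graph standing in for an IoT sample; the feature names and the `entry` convention are assumptions of this example. Vectors like these are what would be fed to an RF classifier; the training step itself is not shown.

```python
from collections import deque

# Constructed toy CFGs (not samples from the paper's dataset).
# Each maps a basic block to the list of its successor blocks.
ANDROID_LIKE_CFG = {
    "entry": ["b1", "b2"],
    "b1": ["b3"],
    "b2": ["b3"],
    "b3": ["ret"],
    "ret": [],
    # orphan component: blocks never reached from "entry" (unreachable code)
    "dead1": ["dead2"],
    "dead2": [],
}

IOT_LIKE_CFG = {
    "entry": ["b1"],
    "b1": ["b2", "ret"],
    "b2": ["b1"],  # back edge forming a loop
    "ret": [],
}

# Fixed feature order so vectors from different binaries line up column-wise.
FEATURE_NAMES = ("nodes", "edges", "components",
                 "unreachable_nodes", "density", "max_out_degree")


def all_nodes(cfg):
    """Every block mentioned as a key or as a successor."""
    nodes = set(cfg)
    for succs in cfg.values():
        nodes.update(succs)
    return nodes


def reachable_from(cfg, entry):
    """Blocks reachable from `entry` by following successor edges (BFS)."""
    seen = {entry}
    queue = deque([entry])
    while queue:
        node = queue.popleft()
        for succ in cfg.get(node, []):
            if succ not in seen:
                seen.add(succ)
                queue.append(succ)
    return seen


def weakly_connected_components(cfg):
    """Count components of the CFG when edge direction is ignored."""
    undirected = {n: set() for n in all_nodes(cfg)}
    for node, succs in cfg.items():
        for succ in succs:
            undirected[node].add(succ)
            undirected[succ].add(node)
    seen, count = set(), 0
    for start in undirected:
        if start in seen:
            continue
        count += 1
        stack = [start]
        while stack:
            node = stack.pop()
            if node in seen:
                continue
            seen.add(node)
            stack.extend(undirected[node] - seen)
    return count


def cfg_features(cfg, entry="entry"):
    """Graph-algorithmic properties of one CFG, keyed by FEATURE_NAMES."""
    nodes = all_nodes(cfg)
    n = len(nodes)
    edges = sum(len(s) for s in cfg.values())
    reachable = reachable_from(cfg, entry)
    return {
        "nodes": n,
        "edges": edges,
        "components": weakly_connected_components(cfg),
        # more than zero here is the "unreachable code" signal from the abstract
        "unreachable_nodes": n - len(reachable),
        "density": edges / (n * (n - 1)) if n > 1 else 0.0,
        "max_out_degree": max(len(s) for s in cfg.values()),
    }


def feature_vector(cfg, entry="entry"):
    """Flatten the feature dict into a classifier-ready list."""
    feats = cfg_features(cfg, entry)
    return [feats[name] for name in FEATURE_NAMES]


if __name__ == "__main__":
    for label, cfg in (("android-like", ANDROID_LIKE_CFG), ("iot-like", IOT_LIKE_CFG)):
        print(label, cfg_features(cfg))
```

On the constructed inputs the Android-like graph reports two components and two unreachable blocks while the IoT-like graph reports one component and none, which is exactly the distinction the abstract draws; on real binaries the CFG would come from a disassembler and the same functions would run unchanged on its successor map.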
