Machine Learning-based Detection of IoT Malware using System Call Data

Abstract

The increased popularity of IoT has raised many security concerns. New devices with improved operational activities and features are introduced into the market each year, expanding the IoT attack surface, and giving rise to emerging malware variants. The cyber security community has turned its best interest towards IoT malware remediation. However, the platform heterogeneity aspect of these devices poses unique challenges for researchers. Previous studies use static approach for executables analysis, but this method has limitations in identifying packed and obfuscated malware. A few studies use dynamic features; however, they do not address the multi-architecture issue in IoT. The key scope of this research is to present a model that detects cross-architectural IoT malware using dynamic analysis and machine learning. Our proposed study covers three prominent CPU architectures in IoT: MIPS, ARM, and x86. We extract the system call features from the collected dataset and employ various machine learning algorithms to detect malware on IoT. Experiments show that our proposed model can obtain an accuracy of 99.04% and an F-measure of 99% using Random Forest (RF).