Analyzing and Detecting Emerging Internet of Things Malware: A Graph-Based Approach

Hisham Alasmary, Aminollah Khormali, Afsah Anwar, Jeman Park, Jinchun Choi, Ahmed Abusnaina, Amro Awad, Daehun Nyang, Aziz Mohaisen

Research output: Contribution to journal, Article, peer-review

97 Scopus citations


The steady growth in the number of deployed Internet of Things (IoT) devices has been paralleled by an equal growth in the number of malicious software (malware) samples targeting those devices. In this paper, we build a detection mechanism for IoT malware utilizing control flow graphs (CFGs). To motivate our detection mechanism, we contrast the underlying characteristics of IoT malware with those of another type of malware, Android malware, which is also Linux-based, across multiple features. The preliminary analyses reveal that Android malware has high density, strong closeness and betweenness, and a larger number of nodes. We show that IoT malware samples have a large number of edges despite a smaller number of nodes, which demonstrates a richer flow structure and higher complexity. We utilize those various characterizing features as a modality to build a highly effective deep learning-based detection model to detect IoT malware. To test our model, we use CFGs of about 6000 malware and benign IoT disassembled samples, and show a detection accuracy of ≈ 99.66%.

Original language: English
Article number: 8752028
Pages (from-to): 8977-8988
Number of pages: 12
Journal: IEEE Internet of Things Journal
Issue number: 5
State: Published - Oct 2019

Bibliographical note

Publisher Copyright:
© 2014 IEEE.


  • Android
  • Internet of Things (IoT)
  • IoT detection
  • graph analysis
  • malware

