Graph-based comparison of IoT and android malware

Hisham Alasmary, Afsah Anwar, Jeman Park, Jinchun Choi, Daehun Nyang, Aziz Mohaisen

Research output: Chapter in Book/Report/Conference proceedingConference contributionpeer-review

37 Scopus citations

Abstract

The growth in the number of android and Internet of Things (IoT) devices has witnessed a parallel increase in the number of malicious software (malware) that can run on both, affecting their ecosystems. Thus, it is essential to understand those malware towards their detection. In this work, we look into a comparative study of android and IoT malware through the lenses of graph measures: we construct abstract structures, using the control flow graph (CFG) to represent malware binaries. Using those structures, we conduct an in-depth analysis of malicious graphs extracted from the android and IoT malware. By reversing 2,874 and 201 malware binaries corresponding to the IoT and android platforms, respectively, extract their CFGs, and analyze them across both general characteristics, such as the number of nodes and edges, as well as graph algorithmic constructs, such as average shortest path, betweenness, closeness, density, etc. Using the CFG as an abstract structure, we emphasize various interesting findings, such as the prevalence of unreachable code in android malware, noted by the multiple components in their CFGs, the high density, strong closeness and betweenness, and larger number of nodes in the android malware, compared to the IoT malware, highlighting its higher order of complexity. We note that the number of edges in android malware is larger than that in IoT malware, highlighting a richer flow structure of those malware samples, despite their structural simplicity (number of nodes). We note that most of those graph-based properties can be used as discriminative features for classification.

Original languageEnglish
Title of host publicationComputational Data and Social Networks - 7th International Conference, CSoNet 2018, Proceedings
EditorsMy T. Thai, Xuemin Chen, Wei Wayne Li, Arunabha Sen
PublisherSpringer Verlag
Pages259-272
Number of pages14
ISBN (Print)9783030046477
DOIs
StatePublished - 2018
Event7th International Conference on Computational Data and Social Networks, CSoNet 2018 - Shanghai, China
Duration: 18 Dec 201820 Dec 2018

Publication series

NameLecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume11280 LNCS
ISSN (Print)0302-9743
ISSN (Electronic)1611-3349

Conference

Conference7th International Conference on Computational Data and Social Networks, CSoNet 2018
Country/TerritoryChina
CityShanghai
Period18/12/1820/12/18

Bibliographical note

Funding Information:
This work is supported by the NSF grant CNS-1809000, NRF grant 2016K1A1A2912757, Florida Center for Cybersecurity (FC2) seed grant, and support by the Air Force Research Lab. This work would not have been possible without the support of Ernest J. Gemeinhart.

Publisher Copyright:
© Springer Nature Switzerland AG 2018.

Keywords

  • Android
  • Graph analysis
  • IoT
  • Malware

Fingerprint

Dive into the research topics of 'Graph-based comparison of IoT and android malware'. Together they form a unique fingerprint.

Cite this