Abstract
The growth in the number of android and Internet of Things (IoT) devices has witnessed a parallel increase in the number of malicious software (malware) that can run on both, affecting their ecosystems. Thus, it is essential to understand those malware towards their detection. In this work, we look into a comparative study of android and IoT malware through the lenses of graph measures: we construct abstract structures, using the control flow graph (CFG) to represent malware binaries. Using those structures, we conduct an in-depth analysis of malicious graphs extracted from the android and IoT malware. By reversing 2,874 and 201 malware binaries corresponding to the IoT and android platforms, respectively, extract their CFGs, and analyze them across both general characteristics, such as the number of nodes and edges, as well as graph algorithmic constructs, such as average shortest path, betweenness, closeness, density, etc. Using the CFG as an abstract structure, we emphasize various interesting findings, such as the prevalence of unreachable code in android malware, noted by the multiple components in their CFGs, the high density, strong closeness and betweenness, and larger number of nodes in the android malware, compared to the IoT malware, highlighting its higher order of complexity. We note that the number of edges in android malware is larger than that in IoT malware, highlighting a richer flow structure of those malware samples, despite their structural simplicity (number of nodes). We note that most of those graph-based properties can be used as discriminative features for classification.
Original language | English |
---|---|
Title of host publication | Computational Data and Social Networks - 7th International Conference, CSoNet 2018, Proceedings |
Editors | My T. Thai, Xuemin Chen, Wei Wayne Li, Arunabha Sen |
Publisher | Springer Verlag |
Pages | 259-272 |
Number of pages | 14 |
ISBN (Print) | 9783030046477 |
DOIs | |
State | Published - 2018 |
Event | 7th International Conference on Computational Data and Social Networks, CSoNet 2018 - Shanghai, China Duration: 18 Dec 2018 → 20 Dec 2018 |
Publication series
Name | Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) |
---|---|
Volume | 11280 LNCS |
ISSN (Print) | 0302-9743 |
ISSN (Electronic) | 1611-3349 |
Conference
Conference | 7th International Conference on Computational Data and Social Networks, CSoNet 2018 |
---|---|
Country/Territory | China |
City | Shanghai |
Period | 18/12/18 → 20/12/18 |
Bibliographical note
Funding Information:This work is supported by the NSF grant CNS-1809000, NRF grant 2016K1A1A2912757, Florida Center for Cybersecurity (FC2) seed grant, and support by the Air Force Research Lab. This work would not have been possible without the support of Ernest J. Gemeinhart.
Publisher Copyright:
© Springer Nature Switzerland AG 2018.
Keywords
- Android
- Graph analysis
- IoT
- Malware