TY - GEN
T1 - Graph-based comparison of IoT and Android malware
AU - Alasmary, Hisham
AU - Anwar, Afsah
AU - Park, Jeman
AU - Choi, Jinchun
AU - Nyang, Daehun
AU - Mohaisen, Aziz
N1 - Funding Information:
This work is supported by the NSF grant CNS-1809000, NRF grant 2016K1A1A2912757, Florida Center for Cybersecurity (FC2) seed grant, and support by the Air Force Research Lab. This work would not have been possible without the support of Ernest J. Gemeinhart.
Publisher Copyright:
© Springer Nature Switzerland AG 2018.
PY - 2018
Y1 - 2018
N2 - The growth in the number of Android and Internet of Things (IoT) devices has been accompanied by a parallel increase in the number of malicious software (malware) samples that target both platforms, affecting their ecosystems. Understanding this malware is therefore essential for detecting it. In this work, we present a comparative study of Android and IoT malware through the lens of graph measures: we construct abstract structures, using the control flow graph (CFG), to represent malware binaries. Using those structures, we conduct an in-depth analysis of the graphs extracted from Android and IoT malware. We reverse 2,874 and 201 malware binaries from the IoT and Android platforms, respectively, extract their CFGs, and analyze them across both general characteristics, such as the number of nodes and edges, and graph-algorithmic constructs, such as average shortest path, betweenness, closeness, and density. Using the CFG as an abstract structure, we highlight several findings, such as the prevalence of unreachable code in Android malware, indicated by the multiple components in their CFGs, and the higher density, stronger closeness and betweenness, and larger number of nodes in Android malware compared to IoT malware, pointing to its higher order of complexity. We note that the number of edges in Android malware is larger than that in IoT malware, indicating a richer flow structure in those samples despite their structural simplicity (number of nodes). We note that most of those graph-based properties can be used as discriminative features for classification.
AB - The growth in the number of Android and Internet of Things (IoT) devices has been accompanied by a parallel increase in the number of malicious software (malware) samples that target both platforms, affecting their ecosystems. Understanding this malware is therefore essential for detecting it. In this work, we present a comparative study of Android and IoT malware through the lens of graph measures: we construct abstract structures, using the control flow graph (CFG), to represent malware binaries. Using those structures, we conduct an in-depth analysis of the graphs extracted from Android and IoT malware. We reverse 2,874 and 201 malware binaries from the IoT and Android platforms, respectively, extract their CFGs, and analyze them across both general characteristics, such as the number of nodes and edges, and graph-algorithmic constructs, such as average shortest path, betweenness, closeness, and density. Using the CFG as an abstract structure, we highlight several findings, such as the prevalence of unreachable code in Android malware, indicated by the multiple components in their CFGs, and the higher density, stronger closeness and betweenness, and larger number of nodes in Android malware compared to IoT malware, pointing to its higher order of complexity. We note that the number of edges in Android malware is larger than that in IoT malware, indicating a richer flow structure in those samples despite their structural simplicity (number of nodes). We note that most of those graph-based properties can be used as discriminative features for classification.
KW - Android
KW - Graph analysis
KW - IoT
KW - Malware
UR - http://www.scopus.com/inward/record.url?scp=85059072847&partnerID=8YFLogxK
U2 - 10.1007/978-3-030-04648-4_22
DO - 10.1007/978-3-030-04648-4_22
M3 - Conference contribution
AN - SCOPUS:85059072847
SN - 9783030046477
T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
SP - 259
EP - 272
BT - Computational Data and Social Networks - 7th International Conference, CSoNet 2018, Proceedings
A2 - Thai, My T.
A2 - Chen, Xuemin
A2 - Li, Wei Wayne
A2 - Sen, Arunabha
PB - Springer Verlag
Y2 - 18 December 2018 through 20 December 2018
ER -
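As an added worked example (not part of this record and not the authors' code), the script below computes, in pure Python, the graph measures the abstract lists (node and edge counts, density, number of weakly connected components, average shortest path, closeness, and betweenness) over a small constructed CFG, and packs them into the kind of feature vector the abstract says can discriminate samples. The toy CFG, its block names, the choice to average shortest paths only over connected ordered pairs, and the Wasserman-Faust scaling of closeness are assumptions for illustration; the paper's own extraction tooling and exact measure definitions are not reproduced here. The two `dead_*` blocks are never reached from `entry`, so they surface as a second component, which is the signal the abstract ties to unreachable code.

```python
from collections import deque

# Constructed toy CFG (not from any real sample): block -> successor blocks.
# "dead_a"/"dead_b" are unreachable from "entry" and form a second component.
SAMPLE_CFG = {
    "entry": ["check"],
    "check": ["loop", "exit"],
    "loop": ["body"],
    "body": ["check"],
    "exit": [],
    "dead_a": ["dead_b"],
    "dead_b": [],
}


def normalize(cfg):
    """Copy of cfg where every referenced block is a key and duplicate
    edges are dropped, so edge counts are not inflated."""
    nodes = set(cfg)
    for succs in cfg.values():
        nodes.update(succs)
    return {v: sorted(set(cfg.get(v, []))) for v in sorted(nodes)}


def bfs_distances(cfg, source):
    """Hop distances (directed) from source to every block it can reach."""
    dist, queue = {source: 0}, deque([source])
    while queue:
        v = queue.popleft()
        for w in cfg[v]:
            if w not in dist:
                dist[w] = dist[v] + 1
                queue.append(w)
    return dist


def weak_components(cfg):
    """Number of weakly connected components (edge direction ignored)."""
    und = {v: set() for v in cfg}
    for v, succs in cfg.items():
        for w in succs:
            und[v].add(w)
            und[w].add(v)
    seen, count = set(), 0
    for v in cfg:
        if v not in seen:
            count += 1
            stack = [v]
            while stack:
                u = stack.pop()
                if u not in seen:
                    seen.add(u)
                    stack.extend(und[u] - seen)
    return count


def betweenness(cfg):
    """Unnormalized betweenness centrality via Brandes' algorithm (unweighted)."""
    bc = {v: 0.0 for v in cfg}
    for s in cfg:
        order, preds = [], {v: [] for v in cfg}
        sigma, dist = {v: 0 for v in cfg}, {v: -1 for v in cfg}
        sigma[s], dist[s] = 1, 0
        queue = deque([s])
        while queue:
            v = queue.popleft()
            order.append(v)
            for w in cfg[v]:
                if dist[w] < 0:
                    dist[w] = dist[v] + 1
                    queue.append(w)
                if dist[w] == dist[v] + 1:  # v lies on a shortest path to w
                    sigma[w] += sigma[v]
                    preds[w].append(v)
        delta = {v: 0.0 for v in cfg}
        for w in reversed(order):  # accumulate dependencies back to s
            for v in preds[w]:
                delta[v] += sigma[v] / sigma[w] * (1 + delta[w])
            if w != s:
                bc[w] += delta[w]
    return bc


def cfg_features(raw_cfg):
    """Feature vector of the general and algorithmic graph measures."""
    cfg = normalize(raw_cfg)
    n = len(cfg)
    edges = sum(len(s) for s in cfg.values())
    dists = {v: bfs_distances(cfg, v) for v in cfg}
    # Average over connected ordered pairs only, so a CFG with unreachable
    # blocks still yields a finite path length.
    lengths = [d for v, dd in dists.items() for w, d in dd.items() if w != v]
    closeness = {}
    for v, dd in dists.items():
        reach, total = len(dd) - 1, sum(dd.values())
        # Wasserman-Faust scaling: a tiny isolated component must not outscore
        # the main body of the program.
        closeness[v] = (reach / total) * (reach / (n - 1)) if total else 0.0
    return {
        "nodes": n,
        "edges": edges,
        "density": edges / (n * (n - 1)) if n > 1 else 0.0,
        "components": weak_components(cfg),
        "avg_shortest_path": sum(lengths) / len(lengths) if lengths else 0.0,
        "closeness": closeness,
        "betweenness": betweenness(cfg),
    }


if __name__ == "__main__":
    for key, value in cfg_features(SAMPLE_CFG).items():
        print(f"{key}: {value}")
```

On the toy graph the `check` block, the loop header that every path funnels through, carries the highest betweenness, while `components` comes out as 2 because of the dead blocks; on real binaries the same function would be run per sample and the scalar entries (plus summary statistics of the per-node dictionaries) fed to a classifier.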