A light-weight malware static visual analysis for IoT infrastructure

Title: A light-weight malware static visual analysis for IoT infrastructure
Publication Type: Conference Paper
Year of Publication: 2018
Authors: Naeem, H., Guo, B., Naeem, M. R.
Conference Name: 2018 International Conference on Artificial Intelligence and Big Data (ICAIBD)
ISBN Number: 978-1-5386-6987-7
Keywords: classification, cloud computing, feature extraction, Gray-scale, gray-scale image, Human Behavior, hybrid global malware features, hybrid local malware features, image classification, image representation, Internet of Things, invasive software, IoT infrastructure, large-scale IoT malware, large-scale malware, light-weight malware static visual analysis, Malware, malware analysis, malware attacks, malware family classification, malware image classification system, Metrics, Microsoft Windows, Microwave integrated circuits, MICS, pubcrawl, Resiliency, visualization

Recently a huge trend on the internet of things (IoT) and an exponential increase in automated tools are helping malware producers to target IoT devices. The traditional security solutions against malware are infeasible due to low computing power for large-scale data in the IoT environment. The number of malware and their variants is increasing due to continuous malware attacks. Consequently, the performance improvement in malware analysis is a critical requirement to stop the rapid expansion of malicious attacks in the IoT environment. To solve this problem, the paper proposed a novel framework for classifying malware in the IoT environment. To achieve fine-grained malware classification in the suggested framework, the malware image classification system (MICS) is designed for representing the malware image globally and locally. MICS first converts the suspicious program into a gray-scale image and then captures hybrid local and global malware features to perform malware family classification. Preliminary experimental outcomes of MICS are quite promising, with 97.4% classification accuracy on 9342 Windows suspicious programs of 25 families. The experimental results indicate that the proposed framework is quite capable of processing large-scale IoT malware.

Citation Key: naeem_light-weight_2018