Visible to the public IoT Malware Dynamic Analysis Profiling System and Family Behavior Analysis

TitleIoT Malware Dynamic Analysis Profiling System and Family Behavior Analysis
Publication TypeConference Paper
Year of Publication2019
AuthorsChen, Cheng-Yu, Hsiao, Shun-Wen
Conference Name2019 IEEE International Conference on Big Data (Big Data)
KeywordsAPI call invocation, API hooking technique, application program interfaces, automatic machine, Behavior Graph, Big Data, conventional profiling methods, deployed IoT devices, dynamic analysis, family behavior analysis, family behavior graph, Hidden Markov models, Human Behavior, Inspection, Internet of Things, invasive software, IoT malware, IoT malware dynamic analysis profiling system, IoT malware increases, Libraries, Malware, malware analysis, Metrics, Predictive Metrics, privacy, profiling system adapts virtual machine introspection, pubcrawl, QEMU, Resiliency, valuable IoT malware behavior, virtual machine, virtual machine introspection, virtual machines, Virtual machining
AbstractNot only the number of deployed IoT devices increases but also that of IoT malware increases. We eager to understand the threat made by IoT malware but we lack tools to observe, analyze and detect them. We design and implement an automatic, virtual machine-based profiling system to collect valuable IoT malware behavior, such as API call invocation, system call execution, etc. In addition to conventional profiling methods (e.g., strace and packet capture), the proposed profiling system adapts virtual machine introspection based API hooking technique to intercept API call invocation by malware, so that our introspection would not be detected by IoT malware. We then propose a method to convert the multiple sequential data (API calls) to a family behavior graph for further analysis.
Citation Keychen_iot_2019