Visible to the public C500-CFG: A Novel Algorithm to Extract Control Flow-based Features for IoT Malware Detection

TitleC500-CFG: A Novel Algorithm to Extract Control Flow-based Features for IoT Malware Detection
Publication TypeConference Paper
Year of Publication2019
AuthorsPhu, T. N., Hoang, L., Toan, N. N., Tho, N. Dai, Binh, N. N.
Conference Name2019 19th International Symposium on Communications and Information Technologies (ISCIT)
Date PublishedSept. 2019
ISBN Number978-1-7281-5009-3
KeywordsC500-CFG, C500-CFG algorithm, computational complexity, computer network security, control flow graph, control flow-based features, decom-piled executable codes, Ding's NP-hard problem, dynamic programming, feature extraction, feature information, graph theory, high-complexity programs, Human Behavior, Internet of Things, invasive software, IoT, IoT malware detection, malicious code, malware analysis, malware detection, Metrics, privacy, pubcrawl, resilience, Resiliency, static characteristic extraction method, text analysis, text-based methods

{Static characteristic extraction method Control flow-based features proposed by Ding has the ability to detect malicious code with higher accuracy than traditional Text-based methods. However, this method resolved NP-hard problem in a graph, therefore it is not feasible with the large-size and high-complexity programs. So, we propose the C500-CFG algorithm in Control flow-based features based on the idea of dynamic programming, solving Ding's NP-hard problem in O(N2) time complexity, where N is the number of basic blocks in decom-piled executable codes. Our algorithm is more efficient and more outstanding in detecting malware than Ding's algorithm: fast processing time, allowing processing large files, using less memory and extracting more feature information. Applying our algorithms with IoT data sets gives outstanding results on 2 measures: Accuracy = 99.34%

Citation Keyphu_c500-cfg_2019