A Novel Framework to Classify Malware in MIPS Architecture-Based IoT Devices

Abstract EN

Malware on devices connected to the Internet via the Internet of Things (IoT) is evolving and is a core component of the fourth industrial revolution.

IoT devices use the MIPS architecture with a large proportion running on embedded Linux operating systems, but the automatic analysis of IoT malware has not been resolved.

We proposed a framework to classify malware in IoT devices by using MIPS-based system behavior (system call—syscall) obtained from our F-Sandbox passive process and machine learning techniques.

The F-Sandbox is a new type for IoT sandbox, automatically created from the real firmware of the specialized IoT devices, inheriting the specialized environment in the real firmware, therefore creating a diverse environment for sandboxing as an important characteristic of IoT sandbox.

This framework classifies five families of IoT malware with F1-Weight = 97.44%.