In Industrial Internet of Things(IIoT), secure transferring, computing and processing data are critical in developing automated environments, such as smart factories, smart airports and smart healthcare systems for high quality service. Therefore, how to make full use of the massive industrial data in IIoT while preventing malware intrusion and leaking out no privacy is a leading and promising work. In this paper, we focus on the research of malware detection and propose an architecture of a classified behavior graph-based intelligent detection model for malware attacks, which can not only avoid the high cost in graph matching but also achieve high malware detection accuracy. Experiments on the malware families Delf, Obfuscated, Small and Zlob, each malware family containing 880 samples, show that the highest accuracy TPR can reach up to 99.9%.

在工业物联网 (IIoT) 中，安全传输、计算和处理数据对于开发自动化环境至关重要，例如智能工厂、智能机场和智能医疗保健系统以提供高质量服务。因此，如何充分利用工业物联网中的海量工业数据，同时防止恶意软件入侵和隐私泄露，是一项领先且有前景的工作。在本文中，我们专注于恶意软件检测的研究，并提出了一种基于分类行为图的恶意软件攻击智能检测模型的架构，该模型不仅可以避免图匹配的高成本，还可以实现较高的恶意软件检测精度。在恶意软件家族 Delf、Obfuscated、Small 和 Zlob 上的实验表明，每个恶意软件家族包含 880 个样本，最高准确率 TPR 可以达到 99.9%。