A Multi-Dimensional Deep Learning Framework for IoT Malware Classification and Family Attribution
IEEE Transactions on Network and Service Management (IF 4.7), Pub Date: 2021-04-23, DOI: 10.1109/tnsm.2021.3075315
Mirabelle Dib, Sadegh Torabi, Elias Bou-Harb, Chadi Assi

The emergence of Internet of Things malware, which leverages exploited IoT devices to perform large-scale cyber attacks (e.g., Mirai botnet), is considered a major threat to the Internet ecosystem. To mitigate this threat, there is an utmost need for effective IoT malware classification and family attribution, which provide essential steps towards initiating attack mitigation/prevention countermeasures. In this paper, motivated by the lack of sophisticated malware obfuscation in the implementation of IoT malware, we utilize features extracted from strings- and image-based representations of the executable binaries to propose a novel multi-dimensional classification approach using Deep Learning (DL) architectures. To this end, we analyze more than 70,000 recently detected IoT malware samples. Our in-depth experiments with four prominent IoT malware families highlight the significant accuracy of the approach (99.78%), which outperforms conventional single-level classifiers. Additionally, we utilize our IoT-tailored approach for labeling newly detected “unknown” malware samples, which were mainly attributed to a few predominant families. Finally, this work contributes to the security of future networks (e.g., 5G) through the implementation of effective tools/techniques for timely IoT malware classification and attack mitigation.

Updated: 2021-04-23