Graph-based IoT malware family classification
University of New Brunswick
Internet of Things malware has become one of the main cyber-threats nowadays. There is no comprehensive study in a feature-based manner for IoT malware detection approaches to the best of our knowledge. Moreover, the studies show that there is a lack of IoT malware family classification system. This thesis attempts to bridge these gaps by proposing a feature-based IoT malware taxonomy and a graph-based IoT malware family classification framework by combining the FCGs and fuzzy hashes. We introduce the Aggregated Weighted Graph (AWGH) of Hashes, representing each IoT malware family's structure. We use IDA Pro  for generating the FCGs, ssdeep  for computing the fuzzy hashes, and Python for developing the fully automated framework. To evaluate the system's effectiveness, we use the VirusTotal dataset  and provide a comparative analysis with different IoT malware regarding their CPU architectures (MIPS, ARM, i386, PowerPC, and AMD64). The results show the effectiveness of our framework.