Graph-based IoT malware family classification

Thumbnail Image



Journal Title

Journal ISSN

Volume Title


University of New Brunswick


Internet of Things malware has become one of the main cyber-threats nowadays. There is no comprehensive study in a feature-based manner for IoT malware detection approaches to the best of our knowledge. Moreover, the studies show that there is a lack of IoT malware family classification system. This thesis attempts to bridge these gaps by proposing a feature-based IoT malware taxonomy and a graph-based IoT malware family classification framework by combining the FCGs and fuzzy hashes. We introduce the Aggregated Weighted Graph (AWGH) of Hashes, representing each IoT malware family's structure. We use IDA Pro [60] for generating the FCGs, ssdeep [3] for computing the fuzzy hashes, and Python for developing the fully automated framework. To evaluate the system's effectiveness, we use the VirusTotal dataset [4] and provide a comparative analysis with different IoT malware regarding their CPU architectures (MIPS, ARM, i386, PowerPC, and AMD64). The results show the effectiveness of our framework.