Litcius/Paper detail

EVOLIoT

Mirabelle Dib, Sadegh Torabi, Elias Bou‐Harb, Nizar Bouguila, Chadi Assi

2022Proceedings of the 2022 ACM on Asia Conference on Computer and Communications Security24 citationsDOIOpen Access PDF

Abstract

Recent years have witnessed the emergence of new and more sophisticated malware targeting the Internet of Things. Moreover, the public release of the source code of popular malware families such as Mirai has spawned diverse variants, making it harder to disambiguate their ownership, lineage, and correct label. Such a rapidly evolving landscape makes it also harder to deploy and generalize effective learning models against retired, updated, and/or new threat campaigns. In this paper, we present EVOLIoT, a novel approach aiming at combating "concept drift" and the limitations of inter-family IoT malware classification by detecting drifting IoT malware families and understanding their diverse evolutionary trajectories. We introduce a robust and effective contrastive method that learns and compares semantically meaningful representations of IoT malware binaries and codes without the need for expensive target labels. We find that the evolution of IoT binaries can be used as an augmentation strategy to learn effective representations to contrast (dis)similar variant pairs. We discuss the impact and findings of our analysis and present several evaluation studies to highlight the tangled relationships of IoT malware, as well as the efficiency of our contrastively learned feature vectors in preserving semantics and reducing out-of-vocabulary size in cross-architecture IoT malware binaries.

Topics & Concepts

MalwareComputer scienceSemantics (computer science)Feature (linguistics)Internet of ThingsCode (set theory)Artificial intelligenceMachine learningComputer securityProgramming languageSet (abstract data type)PhilosophyLinguisticsAdvanced Malware Detection TechniquesData Stream Mining TechniquesNetwork Security and Intrusion Detection