| Presentation | 2018-11-22 Part II: Calculating Similarity between IoT Malware over CPU Architectures Ryoichi Isawa, Tao Ban, Katsunari Yoshioka, Daisuke Inoue, |
|---|---|
| PDF Download Page |  PDF download Page Link |
| Abstract(in Japanese) | (See Japanese page) |
| Abstract(in English) | At the ICSS workshop held in June, 2018, we proposed a method for calculatingsimilarity between IoT malware samples over CPU architectures, based on theirbinaries. The binaries whose CPU architectures differ from each other consist of different types of instructions, which means it is difficult to calculate their similarity scores based on their binaries. To tackle this problem, our method first converts the binaries into instructions of IR (Intermediate Representation), and then it calculates the similarity based on those converted instructions of binaries. Our method can be effective; however, we evaluated effectiveness of our method with just 12 malware samples. In this paper, we show experiments using 945 IoT malware samples, which were categorized into three malware families. The experiments confirmed that our method produced an accuracy of 0.70 against 945 IoT malware samples, and we sense our method captures some features shared between IoT malware samples for good classification of malware. |
| Keyword(in Japanese) | (See Japanese page) |
| Keyword(in English) | Internet of Things / Malware analysis / Intermediate representation / N-gram / Jaccard similarity |
| Paper # | ICSS2018-66 |
| Date of Issue | 2018-11-14 (ICSS) |
| Conference Information | |
| Committee | ICSS |
|---|---|
| Conference Date | 2018/11/21(2days) |
| Place (in Japanese) | (See Japanese page) |
| Place (in English) | |
| Topics (in Japanese) | (See Japanese page) |
| Topics (in English) | |
| Chair | Yoshiaki Shiraishi(Kobe Univ.) |
| Vice Chair | Hiroki Takakura(NII) / Katsunari Yoshioka(Yokohama National Univ.) |
| Secretary | Hiroki Takakura(NTT) / Katsunari Yoshioka(NICT) |
| Assistant | Akira Yamada(KDDI labs.) / Keisuke Kito(Mitsubishi Electric) |
| Paper Information | |
| Registration To | Technical Committee on Information and Communication System Security |
|---|---|
| Language | JPN |
| Title (in Japanese) | (See Japanese page) |
| Sub Title (in Japanese) | (See Japanese page) |
| Title (in English) | Part II: Calculating Similarity between IoT Malware over CPU Architectures |
| Sub Title (in English) | |
| Keyword(1) | Internet of Things |
| Keyword(2) | Malware analysis |
| Keyword(3) | Intermediate representation |
| Keyword(4) | N-gram |
| Keyword(5) | Jaccard similarity |
| 1st Author's Name | Ryoichi Isawa |
| 1st Author's Affiliation | National Institute of Information and Communications Technology(NICT) |
| 2nd Author's Name | Tao Ban |
| 2nd Author's Affiliation | National Institute of Information and Communications Technology(NICT) |
| 3rd Author's Name | Katsunari Yoshioka |
| 3rd Author's Affiliation | Yokohama National University/National Institute of Information and Communications Technology(YNU/NICT) |
| 4th Author's Name | Daisuke Inoue |
| 4th Author's Affiliation | National Institute of Information and Communications Technology(NICT) |
| Date | 2018-11-22 |
| Paper # | ICSS2018-66 |
| Volume (vol) | vol.118 |
| Number (no) | ICSS-315 |
| Page | pp.pp.73-78(ICSS), |
| #Pages | 6 |
| Date of Issue | 2018-11-14 (ICSS) |