Toward a Labeled Dataset of IoT Malware Features

Author

Stian Hagboe Olsen, Florida Institute of Technology

Date of Award

5-2022

Document Type

Thesis

Degree Name

Master of Science (MS)

Department

Computer Engineering and Sciences

First Advisor

Terrence O’Connor

Second Advisor

Meredith Carroll

Third Advisor

William Shoaff

Fourth Advisor

Philip J. Bernhard

Abstract

IoT malware has accompanied the rapid growth of embedded devices over the last decade. The last few years have seen increased work on static and dynamic detection and classification techniques for IoT malware. However, this work requires a very diverse and fine-grained set of malware-specific characteristics. This paper takes a step toward constructing a large-scale, diverse, and open-source IoT malware dataset. To demonstrate the depth of the dataset, we propose an approach for recovering symbol tables and detecting the intent of stripped IoT malware binaries using function signature libraries and 14 defining Linux malware features with corresponding regular expressions. We publish a dataset with 65,956 IoT malware binaries detected over 14 years, containing 1006 unique malware threat labels designed for 15 different architectures. Our results indicate that our feature-specific regular expressions can detect the intent of an IoT malware binary. However, further work on function signature matching is needed to recover a feature-revealing symbol table in stripped IoT malware binaries.

Comments

Copyright held by author

Recommended Citation

Olsen, Stian Hagboe, "Toward a Labeled Dataset of IoT Malware Features" (2022). Theses and Dissertations. 1342.
https://repository.fit.edu/etd/1342