Date of Award


Document Type


Degree Name

Master of Science (MS)


Computer Engineering and Sciences

First Advisor

Terrence O’Connor

Second Advisor

Meredith Carroll

Third Advisor

William Shoaff

Fourth Advisor

Philip J. Bernhard


IoT malware has accompanied the rapid growth of embedded devices over the last decade. The last few years have seen increased work on static and dynamic detection and classification techniques for IoT malware. However, this work requires a very diverse and fine-grained set of malware-specific characteristics. This paper takes a step toward constructing a large-scale, diverse, and open-source IoT malware dataset. To demonstrate the depth of the dataset, we propose an approach for recovering symbol tables and detecting the intent of stripped IoT malware binaries using function signature libraries and 14 defining Linux malware features with corresponding regular expressions. We publish a dataset with 65,956 IoT malware binaries detected over 14 years, containing 1006 unique malware threat labels designed for 15 different architectures. Our results indicate that our feature-specific regular expressions can detect the intent of an IoT malware binary. However, further work on function signature matching is needed to recover a feature-revealing symbol table in stripped IoT malware binaries.


Copyright held by author