A Multi-Dimensional Deep Learning Framework for IoT Malware Classification and Family Attribution

The emergence of Internet of Things malware, which leverages exploited IoT devices to perform large-scale cyber attacks (e.g., Mirai botnet), is considered as a major threat to the Internet ecosystem. To mitigate such threat, there is an utmost need for effective IoT malware classification and family attribution, which provide essential steps towards initiating attack mitigation/prevention countermeasures. In this paper, motivated by the lack of sophisticated malware obfuscation in the implementation of IoT malware, we utilize features extracted from strings- and image-based representations of the executable binaries to propose a novel multi-dimensional classification approach using Deep Learning (DL) architectures. To this end, we analyze more than 70,000 recently detected IoT malware samples. Our in-depth experiments with four prominent IoT malware families highlight the significant accuracy of the approach (99.78%), which outperforms conventional single-level classifiers. Additionally, we utilize our IoT-tailored approach for labeling newly detected "unknown" malware samples, which were mainly attributed to a few predominant families. Finally, this work contributes to the security of future networks (e.g., 5G) through the implementation of effective tools/techniques for timely IoT malware classification, and attack mitigation.