Please use this identifier to cite or link to this item: https://hdl.handle.net/10356/166124
Title: Automated malware behaviour analysis for IoT technologies
Authors: Lee, John Kai Jie
Keywords: Engineering
Issue Date: 2023
Publisher: Nanyang Technological University
Source: Lee, J. K. J. (2023). Automated malware behaviour analysis for IoT technologies. Final Year Project (FYP), Nanyang Technological University, Singapore. https://hdl.handle.net/10356/166124
Project: SCSE22-0588 
Abstract: As we transition our society into the digital age, the increasing prevalence of IoT networks and devices will require more cybersecurity personnel to keep these IoT systems secure. A key part of this work requires personnel to conduct malware analysis on malicious software, to understand its inner workings and how to combat it. Doing so requires learning the complex malware analysis process. Currently, this involves utilizing a myriad of basic analysis tools, as well as advanced reverse engineering. However, there is a great level of difficulty involved in parsing convoluted binary data. New analysts may not be familiar with how and what tools to use for basic analysis, and even those familiar with malware analysis may not be comfortable with reverse engineering a binary and understanding its workings from its assembly listing. This project includes two key components. Firstly, we will compile a list of currently available analysis tools and simplify the analysis process by developing a malware analysis framework that outlines the key data points to look for during analysis. This will provide analysts with the necessary tools and information needed to conduct effective malware analysis. Secondly, we will showcase advanced analysis techniques by providing analysis scripts that automate the reverse engineering process in malware analysis. To test the accuracy of our behaviour classification system, we conduct analysis on known malware samples using our framework and analysis script. After which, we compare the detection accuracy using the script and determine how much malware behaviour it was able to detect. The results show that, following our framework and script, we were able to detect over 80% of the key malware behaviours in the known malware sample, showing a more simplified malware analysis process to facilitate learning.
URI: https://hdl.handle.net/10356/166124
Schools: School of Computer Science and Engineering 
Fulltext Permission: restricted
Fulltext Availability: With Fulltext
Appears in Collections: SCSE Student Reports (FYP/IA/PA/PI)

Files in This Item:
File: FYP___Kai_Jie_Lee__John-Amended_Final_Report.pdf (Restricted Access)
Size: 5.1 MB
Format: Adobe PDF

Items in DR-NTU are protected by copyright, with all rights reserved, unless otherwise indicated.