2023 Fiscal Year Research-status Report
Research on IoT Anti-malware Technology beyond CPU Architectures
Project/Area Number | 22K12038 |
Research Institution | National Institute of Information and Communications Technology |
Principal Investigator | 班 涛, National Institute of Information and Communications Technology, Cybersecurity Research Institute, Senior Researcher (80462878) |
Project Period (FY) | 2022-04-01 – 2025-03-31 |
Keywords | IoT malware analysis / IoT security / static analysis / packer / explainable AI / machine learning |
Outline of Annual Research Achievements |
In FY 2023, we advanced research on malware protection that works across CPU architectures and on resilience against cyberattacks. The details are as follows: (1) Our research on employing explainable AI to identify the unique characteristics of malware families was successfully concluded. We proposed the Color-coded Attribute Graph for intuitive and accurate malware analysis, which attracted significant attention in the cybersecurity community. (2) Our exploration of detecting IoT malware in packed samples provided valuable insights. Through an analysis of trends in packed malware on VirusTotal, and by overcoming the limitations of reverse engineering tools on packed binaries, we developed a robust solution combining feature selection and automated malware classification, showing how packed IoT malware can be detected accurately and efficiently. It is poised to significantly enhance the overall security of IoT devices. (3) Focusing on efficiency for resource-constrained devices and on cross-platform compatibility, we extended our methods for analyzing IoT malware using printable strings extracted from binary files. Our extensive validation confirmed the effectiveness of these methods, paving the way for more robust malware detection techniques in the future.
Current Status of Research Progress |
2: Research has progressed on the whole more than it was originally planned.
Reason
In this FY, our primary objective of analyzing IoT malware across CPU architectures yielded the expected results: 1 conference paper accepted, 2 in preparation. Side research on packed malware faced slight delays; 1 paper was withdrawn due to insufficient data, prompting further investigation. (1) Research on XAI for IoT malware analysis was successfully concluded, resulting in 1 international conference paper. (2) Work on printable string-based malware detection is ongoing, using effective suffix tree-based string processing methods, with 2 papers in preparation. (3) New research has started on reinterpreting opcodes as system calls for malware samples without symbol tables, aiming at CPU-architecture-compatible analysis through a transition from opcode-level to system call-level analysis.
Strategy for Future Research Activity |
In the concluding year of this research project, our goal is to build a practical and precise malware detection system tailored to widely deployed IoT devices by integrating our accumulated findings. Specifically, we aim to: (1) Enhance malware detection based on printable strings, refining classification accuracy and reducing reliance on system resources. (2) Conclude our investigation into text processing methods based on suffix trees, fine-tuning parameters for effective analysis of IoT-related malware. (3) Finalize our exploration of reinterpreting opcodes as system calls, enhancing malware analysis and ensuring compatibility across platforms. (4) Continue monitoring the evolving trends of packed programs within IoT malware, ensuring proactive measures against forthcoming threats.
Causes of Carryover |
Originally, we had planned to participate in the International Symposium on Computer and Communications (ISCC2023) in Tunisia. However, due to changes in the country's visa policy, visa applications for overseas participants had not yet opened by the time of the conference. As a result, the overseas business trip was canceled, and the corresponding travel expenses were deferred to fiscal year 2024. Although the trip was canceled, the paper was still published with ISCC2023 and the presentation was given remotely online.