An opcode-based technique for polymorphic Internet of Things malware detection

The increasing popularity of Internet of Things (IoT) devices makes them an attractive target for malware authors. In this paper, we use sequential pattern mining technique to detect most frequent opcode sequences of malicious IoT applications. Detected maximal frequent patterns (MFP) of opcode sequences can be used to differentiate malicious from benign IoT applications. We then evaluate the suitability of MFPs as a classification feature for K nearest neighbors (KNN), support vector machines (SVM), multilayer perceptron (MLP), AdaBoost, decision tree, and random forest classifier. Specifically, we achieve an accuracy rate of 99% in the detection of unseen IoT malware. We also demonstrate the utility of our approach in detecting polymorphed IoT malware samples.