Research field: Safety
Conference: International Conference on Information Security and Cryptology
The rapid rise of IoT malware has created significant challenges in accurately analyzing its behavior and structure. Function Call Graph (FCG) analysis shows promise, but its effectiveness is often compromised by inaccuracies in reconstructing FCGs from opcode sequences in static analysis. To address this, we propose a novel approach that enhances system call identification through tailored lookup rules, outperforming state-of-the-art reverse engineering tools. This improvement significantly refines FCG representations, enabling more precise IoT malware analysis. We validated our method on a dataset of over 37,000 IoT malware samples across seven CPU architectures. Our experiments assess the impact of varying system call integration within FCGs and compare our approach with two recent techniques for improving FCG-based malware analysis. Results demonstrate that incorporating accurate system call information into FCGs substantially enhances IoT malware detection and classification accuracy.
| Publication year | 2025 |
|---|---|
| Citations | 0 |
| Country of publication | Andorra |
| Site | Springer |