%0 Journal Article
%@ 1939-0114
%A Tran, Nghi Phu
%A Hoang, Dang Kien
%A Ngo, Quoc Dung
%A Nguyen, Dai Tho
%A Nguyen, Ngoc Binh
%A VNU University of Engineering and Technology,
%A People’s Security Academy,
%A Posts and Telecommunications Institute of Technology,
%A Kyoto College of Graduate Studies for Informatics,
%D 2019
%F SisLab:3757
%I Hindawi
%J Security and Communication Networks
%T A Novel Framework to Classify Malware in MIPS Architecture-based IoT Devices
%U https://eprints.uet.vnu.edu.vn/eprints/id/eprint/3757/
%X Malware on devices connected to the Internet via the Internet of Things (IoT) ) is evolving and is a core component of the fourth industrial revolution. IoT devices use the MIPS architecture with a large proportion running on embedded Linux operating systems, but the automatic analysis of IoT malware has not resolved. We proposed a framework to classify malware in IoT devices by using MIPS-based system behavior (system call - syscall) got from our F-Sandbox passive process and machine learning techniques. The F-Sandbox is a new type for IoT sandbox, automatically created from the real firmware of the specialized IoT devices, inheriting the specialized environment in the real firmware, therefore creating a diverse environment for sandboxing as an important characteristic of IoT sandbox. This framework classifies five families of IoT malware with F1-Weight = 97.44%.