IoT Botnet Detection Approach Based on PSI graph and DGCNN classifier

2018 
Internet of Things (IoT) devices are increasingly deployed in different domains and for different purposes. Their increasing presence in a broad range of applications, together with their computing and processing capabilities, makes them a valuable attack target for IoT botnet malware. In recent years, machine learning has served as a useful resource for researchers in malware detection. However, feature extraction is always a heavy manual task that relies on domain knowledge, while malware may evolve fast in the real world. To deal with this problem, convolutional neural network (CNN) based IoT malware detection, which can detect malware without extracting pre-selected features, is a promising solution. In this paper, we propose a novel approach for Linux IoT botnet detection based on the combination of PSI graph and CNN classifier. 10033 ELF files, including 4002 IoT botnet samples and 6031 benign files, were used for the experiment. The evaluation result shows that the PSI graph CNN classifier achieves an accuracy of 92% and an F-measure of 94%.