Toward a Labeled Dataset of IoT Malware Features

IoT malware has accompanied the rapid growth of embedded devices over the last decade. Previous work has proposed static and dynamic detection and classification techniques for IoT malware. However, this work requires a diverse and fine-grained set of malware-specific characteristics. This paper presents a longitudinal, diverse, and open-source IoT malware dataset. To demonstrate the depth of the dataset, we propose an approach for recovering symbol tables and detecting the intent of stripped IoT malware binaries using function signature libraries and 14 defining Linux malware features with corresponding regular expressions. We publish a dataset with 65,956 IoT malware binaries detected over 14 years, containing 1006 unique malware threat labels designed for 15 different architectures. Our results indicate that our feature-specific regular expressions can detect the intent of an IoT malware binary. However, further work on function signature matching is needed to recover a feature-revealing symbol table in stripped IoT malware binaries.