
Large-scale IoT malware analysis and classification method
Citation: HE Qinglin, WANG Lihong, LUO Bing, YANG Libin. Large-scale IoT malware analysis and classification method[J]. Journal of Beijing University of Aeronautics and Astronautics, 2022, 48(2): 240-248.
Authors: HE Qinglin, WANG Lihong, LUO Bing, YANG Libin
Institutions: 1. National Computer Network Emergency Response Technical Team/Coordination Center of China, Beijing 100029, China; 2. School of Computer Science and Engineering, Beihang University, Beijing 100083; 3. School of Cybersecurity, Northwestern Polytechnical University, Xi'an 710072, China
Funding: National Key Research and Development Program (2017YFC1201204)
Abstract: Internet of things (IoT) malware has grown rapidly and attacks IoT devices of all kinds across the network in large numbers. However, because of the open-source problem, its family characteristics are not obvious, so a more fine-grained sample classification method is needed to solve problems such as advanced-threat sample discovery and attack-organization tracking. To address this, we carried out a large-scale analysis of 157 911 IoT malware samples captured from May 2019 to May 2020 and labeled a dataset of 12 278 samples covering 9 family branches. We then propose an IoT malware classification method that extracts complex structural features, including FCG graphs and text, through static reverse analysis and learns features with graph representation learning and text representation learning; on the labeled dataset it achieves an average recall of 88.1%. The method has been put into practice and works well.

Keywords: Internet of things (IoT); malware samples; classification; graph learning; text learning
Received: 2020-08-09
This article is indexed in Wanfang Data and other databases.