物聯網（IoT）的快速增長將為日常生活帶來便利和效能提升，但也帶來了風險和挑戰。惡意程式對物聯網系統的安全性構成威脅。為了確保物聯網的可持續發展，需加強物聯網設備的安全防護，並採用創新的技術來偵測惡意程式。函數調用圖（FCG）是由函數、函數中的操作碼序列及函數之間調用組成，可用於對惡意軟件進行分類。在逆向提取出的函數調用圖中，有許多具有相同操作碼序列的函數，這可能導致檢測結果的準確性下降，同時可能出現資訊誤判的情況。過去的研究在使用FCG進行惡意程式檢測時未考慮函數操作碼序列是否相同。為了解決此問題，在本研究中我們提出利用hash function一對一且搜尋快速的特性將FCG上擁有相同操作碼序列的點作合併，在維持準確率的同時大幅的縮短訊練與前處理的時間。在實驗結果顯示藉由此方法訓練的時間減少36\%，準確率達99.17\%。

The rapid growth of the Internet of Things (IoT) brings convenience and efficiency improvements to everyday life, but it also presents risks and challenges. Malware poses a threat to the security of IoT systems. To ensure the sustainable development of IoT, it is necessary to enhance the security protection of IoT devices and adopt innovative techniques for detecting malicious software.Function Call Graph (FCG) is composed of functions, opcode sequences within functions, and function calls between functions. It can be used for classifying malicious programs. In the reverse-engineered FCG, there are often multiple functions with the same opcode sequences, which can lead to a decrease in the accuracy of detection results and potential false positives. Previous research on using FCG for malware detection did not consider whether the function opcode sequences were the same. To address this issue, in this study, we propose using the characteristics of hash functions for one-to-one mapping and fast searching to merge nodes in the FCG that have the same opcode sequences. This significantly reduces the training and preprocessing time while maintaining accuracy. Experimental results show a 36\% reduction in training time and an accuracy of 99.17\% using this method.

[1] S. R. Department, “IoT connected devices worldwide 2030.” https://www.statista.com/
statistics/802690/worldwide-connected-devices-by-access-technology/, July 2022.
[2] M. Wazzan, D. Algazzawi, O. Bamasaq, A. Albeshri, and L. Cheng, “Internet of Things botnet de-
tection approaches: Analysis and recommendations for future research,” Applied Sciences, vol. 11,
no. 12, p. 5713, 2021.
[3] S. Planning, “The economic impacts of inadequate infrastructure for software testing,” National In-
stitute of Standards and Technology, vol. 1, 2002.
[4] A. Brucker and U. Sodan, “Deploying static application security testing on a large scale,” Sicherheit
2014–Sicherheit, Schutz und Zuverlässigkeit, 2014.
[5] R. Kawasoe, C. Han, R. Isawa, T. Takahashi, and J. Takeuchi, “Investigating behavioral differences
between IoT malware via function call sequence graphs,” in Proc. 36th Annual ACM Symposium on
Applied Computing, pp. 1674–1682, 2021.
[6] C. Li, G. Shen, and W. Sun, “Cross-architecture Intemet-of-Things malware detection based on graph
neural network,” in 2021 International Joint Conference on Neural Networks, pp. 1–7, IEEE, 2021.
[7] C.-Y. Wu, T. Ban, S.-M. Cheng, T. Takahashi, and D. Inoue, “IoT malware classification based on
reinterpreted function-call graphs,” Computers & Security, vol. 125, p. 103060, 2023.
[8] J. C. S. Sicato, P. K. Sharma, V. Loia, and J. H. Park, “VPNFilter malware analysis on cyber threat in
smart home network,” MDPI Applied Sciences, vol. 9, no. 13, p. 2763, 2019.
[9] M. Antonakakis et al., “Understanding the Mirai botnet,” in Proc. USENIX Security 2017, pp. 1093–
1110, Aug. 2017.
[10] B. Kang, S. Y. Yerima, K. Mclaughlin, and S. Sezer, “N-opcode analysis for android malware classi-
fication and categorization,” in Proc. International Conference On Cyber Security And Protection Of
Digital Services, pp. 1–7, 2016.
[11] J. Z. Kolter and M. A. Maloof, “Learning to detect and classify malicious executables in the wild.,”
Journal of Machine Learning Research, vol. 7, no. 12, 2006.
[12] S. Gülmez and I. Sogukpinar, “Graph-based malware detection using opcode sequences,” in Proc. 9th
International Symposium on Digital Forensics and Security, pp. 1–5, 2021.
[13] E. Raff, J. Barker, J. Sylvester, R. Brandon, B. Catanzaro, and C. Nicholas, “Malware detection by
eating a whole exe,” arXiv preprint arXiv:1710.09435, 2017.
[14] J. L. Hu, M. Ebrahimi, W. Li, X. Li, and H. Chen, “Multi-view representation learning from malware
to defend against adversarial variants,” arXiv preprint arXiv:2210.15429, 2022.
[15] A. Narayanan, M. Chandramohan, R. Venkatesan, L. Chen, Y. Liu, and S. Jaiswal, “graph2vec: Learn-
ing distributed representations of graphs,” arXiv preprint arXiv:1707.05005, 2017.
[16] K. Xu, W. Hu, J. Leskovec, and S. Jegelka, “How powerful are graph neural networks?,” arXiv preprint
arXiv:1810.00826, 2018.
[17] Y. Gao, H. Hasegawa, Y. Yamaguchi, and H. Shimada, “Malware detection using attributed CFG gen-
erated by pre-trained language model with graph isomorphism network,” in Proc. IEEE 46th Annual
Computers, Software, and Applications Conference, pp. 1495–1501, 2022.
[18] “Radare2.” https://rada.re/r/.
[19] N. Hampton and P. Szewczyk, “A survey and method for analysing soho router firmware currency,”
2015.
[20] G. Sood, virustotal: R Client for the virustotal API, 2017. R package version 0.2.1.