{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,7,15]],"date-time":"2026-07-15T16:50:13Z","timestamp":1784134213541,"version":"3.55.0"},"reference-count":113,"publisher":"Institute of Electrical and Electronics Engineers (IEEE)","license":[{"start":{"date-parts":[[2021,1,1]],"date-time":"2021-01-01T00:00:00Z","timestamp":1609459200000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0\/legalcode"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["IEEE Access"],"published-print":{"date-parts":[[2021]]},"DOI":"10.1109\/access.2021.3091427","type":"journal-article","created":{"date-parts":[[2021,6,22]],"date-time":"2021-06-22T19:53:26Z","timestamp":1624391606000},"page":"91686-91709","source":"Crossref","is-referenced-by-count":50,"title":["A Survey on Cross-Architectural IoT Malware Threat Hunting"],"prefix":"10.1109","volume":"9","author":[{"ORCID":"https:\/\/orcid.org\/0000-0001-9873-5870","authenticated-orcid":false,"given":"Anandharaju Durai","family":"Raju","sequence":"first","affiliation":[],"role":[{"vocabulary":"crossref","role":"author"}]},{"ORCID":"https:\/\/orcid.org\/0000-0001-8359-4470","authenticated-orcid":false,"given":"Ibrahim Y.","family":"Abualhaol","sequence":"additional","affiliation":[],"role":[{"vocabulary":"crossref","role":"author"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-7877-9531","authenticated-orcid":false,"given":"Ronnie Salvador","family":"Giagone","sequence":"additional","affiliation":[],"role":[{"vocabulary":"crossref","role":"author"}]},{"ORCID":"https:\/\/orcid.org\/0000-0001-9057-6713","authenticated-orcid":false,"given":"Yang","family":"Zhou","sequence":"additional","affiliation":[],"role":[{"vocabulary":"crossref","role":"author"}]},{"ORCID":"https:\/\/orcid.org\/0000-0001-9137-0178","authenticated-orcid":false,"given":"Shengqiang","family":"Huang","sequence":"additional","affiliation":[],"role":[{"vocabulary":"crossref","role":"author"}]}],"member":"263","reference":[{"key":"ref39","doi-asserted-by":"publisher","DOI":"10.1109\/TC.2020.3015584"},{"key":"ref38","doi-asserted-by":"publisher","DOI":"10.1016\/j.future.2018.03.007"},{"key":"ref33","year":"2021","journal-title":"Elf Utils"},{"key":"ref32","doi-asserted-by":"publisher","DOI":"10.1145\/3378448"},{"key":"ref31","year":"2021","journal-title":"ELFdump Util"},{"key":"ref30","doi-asserted-by":"publisher","DOI":"10.1007\/s10207-019-00475-6"},{"key":"ref37","doi-asserted-by":"publisher","DOI":"10.1109\/EuroSP.2017.11"},{"key":"ref36","doi-asserted-by":"publisher","DOI":"10.1109\/ICICSP.2018.8549713"},{"key":"ref35","first-page":"1","article-title":"The tangled genealogy of IoT malware","author":"cozzi","year":"2020","journal-title":"Proc Comput Secur Appl Conf"},{"key":"ref34","doi-asserted-by":"publisher","DOI":"10.1016\/j.jnca.2019.102526"},{"key":"ref28","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2018.00054"},{"key":"ref27","author":"tung","year":"2014","journal-title":"Linux Malware Under Spotlight"},{"key":"ref29","year":"0","journal-title":"Malware Facts"},{"key":"ref20","doi-asserted-by":"publisher","DOI":"10.1109\/TrustCom50675.2020.00106"},{"key":"ref22","doi-asserted-by":"publisher","DOI":"10.1016\/j.icte.2020.04.005"},{"key":"ref21","doi-asserted-by":"publisher","DOI":"10.1109\/CNS.2018.8433203"},{"key":"ref24","year":"2018","journal-title":"IoT Developer Survey 2018"},{"key":"ref23","first-page":"1","article-title":"Iot malware: Comprehensive survey, analysis framework and case studies","author":"costin","year":"2018","journal-title":"Proc BlackHat USA"},{"key":"ref101","article-title":"An analysis of the Chuck Norris botnet 2","author":"?eleda","year":"2011"},{"key":"ref26","doi-asserted-by":"publisher","DOI":"10.3390\/s20205897"},{"key":"ref100","doi-asserted-by":"publisher","DOI":"10.1109\/EC2ND.2010.15"},{"key":"ref25","year":"2021","journal-title":"Program Header"},{"key":"ref50","year":"1994","journal-title":"The PowerPC TM Architecture A Specification for a New Family of RISC Processors"},{"key":"ref51","year":"1998","journal-title":"SPARC Assembly Language Reference Manual"},{"key":"ref59","doi-asserted-by":"publisher","DOI":"10.1137\/1.9781611972818.12"},{"key":"ref58","doi-asserted-by":"publisher","DOI":"10.1155\/2019\/8195395"},{"key":"ref57","doi-asserted-by":"publisher","DOI":"10.1109\/TSUSC.2018.2809665"},{"key":"ref56","year":"2021","journal-title":"Symbol Tables"},{"key":"ref55","doi-asserted-by":"publisher","DOI":"10.1109\/MALWARE.2009.5403021"},{"key":"ref54","author":"boelen","year":"2019","journal-title":"The 101 of ELF Files on Linux Understanding and Analysis"},{"key":"ref53","year":"2001","journal-title":"ARM Information Center"},{"key":"ref52","author":"price","year":"1995","journal-title":"MIPS IV Instruction Set"},{"key":"ref40","doi-asserted-by":"publisher","DOI":"10.1109\/KSE.2018.8573374"},{"key":"ref4","author":"leyden","year":"2021","journal-title":"Ransomware Attacks More Than Doubled Last Year as Cybercrime Operations Scale Up During Coronavirus Pandemic"},{"key":"ref3","author":"sanders","year":"2021","journal-title":"Malware Facts"},{"key":"ref6","author":"ilascu","year":"2020","journal-title":"Fitbit Gallery Can be Used to Distribute Malicious Apps"},{"key":"ref5","author":"o\u2019donnell","year":"2021","journal-title":"Ransomware Attack Foils IoT Giant Sierra Wireless"},{"key":"ref8","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-030-62582-5_17"},{"key":"ref7","author":"khandelwal","year":"2016","journal-title":"Hacked Cameras Behind Dyn DDoS attack"},{"key":"ref49","year":"1996","journal-title":"Superh RISC Engine SH-1\/SH-2 Programming Manual"},{"key":"ref9","doi-asserted-by":"publisher","DOI":"10.1016\/j.cose.2018.11.001"},{"key":"ref46","author":"kevan","year":"2019","journal-title":"IoT Processor Dilemma"},{"key":"ref45","year":"2021","journal-title":"ELF File Format"},{"key":"ref48","year":"2021","journal-title":"X86 Opcode and Instruction Reference 1 12"},{"key":"ref47","year":"2021","journal-title":"&#x00D7;86 Opcode and Instruction Reference 1 12"},{"key":"ref42","doi-asserted-by":"publisher","DOI":"10.3923\/itj.2013.380.384"},{"key":"ref41","doi-asserted-by":"publisher","DOI":"10.1109\/JIOT.2019.2925929"},{"key":"ref44","author":"sanmillan","year":"2018","journal-title":"Elf Structure"},{"key":"ref43","doi-asserted-by":"publisher","DOI":"10.1007\/s10115-011-0393-5"},{"key":"ref73","doi-asserted-by":"publisher","DOI":"10.30693\/SMJ.2019.8.1.27"},{"key":"ref72","first-page":"1","article-title":"Using file relationships in malware classification","author":"karampatziakis","year":"2012","journal-title":"Detection of Intrusions and Malware and Vulnerability Assessment"},{"key":"ref71","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-319-26190-4_28"},{"key":"ref70","author":"kyadige","year":"2019","journal-title":"Learning from context Exploiting and interpreting file path information for better malware detection"},{"key":"ref76","doi-asserted-by":"publisher","DOI":"10.1016\/j.iot.2019.100153"},{"key":"ref77","doi-asserted-by":"publisher","DOI":"10.1145\/3368926.3369702"},{"key":"ref74","doi-asserted-by":"publisher","DOI":"10.1016\/j.future.2020.04.031"},{"key":"ref75","doi-asserted-by":"publisher","DOI":"10.3390\/electronics9050793"},{"key":"ref78","doi-asserted-by":"publisher","DOI":"10.1109\/COMPSAC.2018.10315"},{"key":"ref79","doi-asserted-by":"publisher","DOI":"10.1109\/OJCS.2020.3033974"},{"key":"ref60","doi-asserted-by":"publisher","DOI":"10.1145\/2020408.2020448"},{"key":"ref62","doi-asserted-by":"publisher","DOI":"10.1109\/IESYS.2017.8233558"},{"key":"ref61","doi-asserted-by":"publisher","DOI":"10.1145\/2623330.2623342"},{"key":"ref63","doi-asserted-by":"publisher","DOI":"10.1145\/3243734.3278496"},{"key":"ref64","first-page":"33","article-title":"Zozzle: Fast and precise in-browser JavaScript malware detection","author":"curtsinger","year":"2011","journal-title":"Proc Usenix Secur Symp"},{"key":"ref65","doi-asserted-by":"publisher","DOI":"10.1145\/2016904.2016908"},{"key":"ref66","article-title":"Malware detection by eating a whole EXE","author":"raff","year":"2017","journal-title":"arXiv 1710 09435"},{"key":"ref67","article-title":"Echelon: Two-tier malware detection for raw executables to reduce false alarms","author":"raju","year":"2021","journal-title":"arXiv 2101 01015"},{"key":"ref68","author":"chen","year":"2020","journal-title":"STAMINA Scalable deep learning approach for malware classification"},{"key":"ref2","author":"sriram","year":"2020","journal-title":"COVID-19&#x2014;Malware Makes Hay During a Pandemic"},{"key":"ref69","doi-asserted-by":"publisher","DOI":"10.1109\/CLOUD.2018.00028"},{"key":"ref1","doi-asserted-by":"publisher","DOI":"10.1109\/LNET.2021.3076600"},{"key":"ref95","doi-asserted-by":"publisher","DOI":"10.1109\/ACCESS.2019.2910268"},{"key":"ref109","doi-asserted-by":"publisher","DOI":"10.1109\/ACCESS.2020.3048319"},{"key":"ref94","year":"2021","journal-title":"Qemu&#x2014;MIPS Limitation"},{"key":"ref108","doi-asserted-by":"publisher","DOI":"10.1109\/ACCESS.2019.2963724"},{"key":"ref93","year":"2021","journal-title":"Qemu&#x2014;Limitation"},{"key":"ref107","doi-asserted-by":"publisher","DOI":"10.1109\/ACCESS.2021.3073408"},{"key":"ref92","author":"kumar","year":"2016","journal-title":"IoT Security Issues"},{"key":"ref106","doi-asserted-by":"publisher","DOI":"10.1186\/s42400-021-00077-7"},{"key":"ref105","doi-asserted-by":"publisher","DOI":"10.1016\/j.iot.2019.100129"},{"key":"ref91","year":"2021","journal-title":"IoT Issues"},{"key":"ref104","article-title":"Netcomm NB5 botnet-PSYB0T 2.5L. Retrieved September 10, 2009","author":"baume","year":"2009"},{"key":"ref90","doi-asserted-by":"publisher","DOI":"10.1109\/SOCA.2014.58"},{"key":"ref103","first-page":"449","article-title":"PsybOt malware: A step-by-step decompilation case study","author":"?urfina","year":"2013","journal-title":"Proc 20th Work Conf Reverse Eng (WCRE)"},{"key":"ref102","article-title":"Analyzing a backdoor\/bot for the MIPS platform","author":"bohio","year":"2015"},{"key":"ref111","article-title":"Malware in IoT software and hardware","author":"milosevic","year":"2016"},{"key":"ref112","doi-asserted-by":"publisher","DOI":"10.1016\/j.sysarc.2019.01.017"},{"key":"ref110","doi-asserted-by":"publisher","DOI":"10.5121\/ijcses.2017.8301"},{"key":"ref98","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-319-60753-5_19"},{"key":"ref99","doi-asserted-by":"publisher","DOI":"10.1016\/j.fsidi.2020.300926"},{"key":"ref96","doi-asserted-by":"publisher","DOI":"10.1109\/QRS-C.2019.00088"},{"key":"ref97","first-page":"1093","article-title":"Understanding the Mirai botnet","author":"antonakakis","year":"2017","journal-title":"Proc 26th USENIX Secur Symp (USENIX Security)"},{"key":"ref10","first-page":"74","article-title":"Survey on malware detection methods","author":"vinod","year":"2009","journal-title":"Proc 3rd Hackers&#x2019; Workshop Comput Internet Secur (IITKHACK)"},{"key":"ref11","doi-asserted-by":"publisher","DOI":"10.1109\/IKT.2013.6620049"},{"key":"ref12","doi-asserted-by":"publisher","DOI":"10.4236\/jis.2014.52006"},{"key":"ref13","doi-asserted-by":"publisher","DOI":"10.1016\/j.istr.2009.03.003"},{"key":"ref14","first-page":"105","article-title":"A survey of visualization systems for malware analysis","author":"wagner","year":"2015","journal-title":"Proc Eurograph Conf Vis (EuroVis)"},{"key":"ref15","article-title":"A survey of malware detection techniques","volume":"48","author":"idika","year":"2007"},{"key":"ref16","doi-asserted-by":"publisher","DOI":"10.1145\/3073559"},{"key":"ref82","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-642-04342-0_7"},{"key":"ref17","doi-asserted-by":"publisher","DOI":"10.1016\/j.jnca.2012.10.004"},{"key":"ref81","first-page":"1","article-title":"IoTPOT: Analysing the rise of IoT compromises","author":"pa","year":"2015","journal-title":"Proc 9th USENIX Workshop Offensive Technol (WOOT)"},{"key":"ref18","doi-asserted-by":"publisher","DOI":"10.1186\/s13673-018-0125-x"},{"key":"ref84","article-title":"EMBER: An open dataset for training static PE malware machine learning models","author":"anderson","year":"2018","journal-title":"arXiv 1804 04637"},{"key":"ref19","doi-asserted-by":"publisher","DOI":"10.1016\/j.jnca.2016.08.022"},{"key":"ref83","year":"2021","journal-title":"Flare-Floss"},{"key":"ref113","doi-asserted-by":"publisher","DOI":"10.1002\/cpe.5173"},{"key":"ref80","doi-asserted-by":"publisher","DOI":"10.1109\/TSMC.1973.4309314"},{"key":"ref89","article-title":"MalNet: A large-scale cybersecurity image database of malicious software","author":"freitas","year":"2021","journal-title":"arXiv 2102 01072"},{"key":"ref85","article-title":"SOREL-20M: A large scale benchmark dataset for malicious PE detection","author":"harang","year":"2020","journal-title":"arXiv 2012 07634"},{"key":"ref86","doi-asserted-by":"crossref","DOI":"10.1109\/SPW53761.2021.00020","article-title":"BODMAS: An open dataset for learning based temporal analysis of PE malware","author":"yang","year":"2021"},{"key":"ref87","year":"2021","journal-title":"Malware Binaries"},{"key":"ref88","article-title":"Virus-MNIST: A benchmark malware dataset","author":"noever","year":"2021","journal-title":"arXiv 2103 00602"}],"container-title":["IEEE Access"],"original-title":[],"link":[{"URL":"http:\/\/xplorestaging.ieee.org\/ielx7\/6287639\/9312710\/09462110.pdf?arnumber=9462110","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2023,1,1]],"date-time":"2023-01-01T06:03:54Z","timestamp":1672553034000},"score":1,"resource":{"primary":{"URL":"https:\/\/ieeexplore.ieee.org\/document\/9462110\/"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2021]]},"references-count":113,"URL":"https:\/\/doi.org\/10.1109\/access.2021.3091427","relation":{},"ISSN":["2169-3536"],"issn-type":[{"value":"2169-3536","type":"electronic"}],"subject":[],"published":{"date-parts":[[2021]]}}}