{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,7,7]],"date-time":"2026-07-07T15:54:43Z","timestamp":1783439683716,"version":"3.54.6"},"publisher-location":"New York, NY, USA","reference-count":54,"publisher":"ACM","license":[{"start":{"date-parts":[[2024,6,20]],"date-time":"2024-06-20T00:00:00Z","timestamp":1718841600000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by-nc-nd\/4.0\/"}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2024,6,20]]},"DOI":"10.1145\/3652032.3657577","type":"proceedings-article","created":{"date-parts":[[2024,6,20]],"date-time":"2024-06-20T17:00:08Z","timestamp":1718902808000},"page":"95-106","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":4,"title":["Unmasking the Lurking: Malicious Behavior Detection for IoT Malware with Multi-label Classification"],"prefix":"10.1145","author":[{"ORCID":"https:\/\/orcid.org\/0000-0001-9080-6865","authenticated-orcid":false,"given":"Ruitao","family":"Feng","sequence":"first","affiliation":[{"name":"Singapore Management University, Singapore, Singapore"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"ORCID":"https:\/\/orcid.org\/0009-0004-7614-5529","authenticated-orcid":false,"given":"Sen","family":"Li","sequence":"additional","affiliation":[{"name":"Tianjin University, Tianjin, China"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"ORCID":"https:\/\/orcid.org\/0000-0001-9477-4100","authenticated-orcid":false,"given":"Sen","family":"Chen","sequence":"additional","affiliation":[{"name":"Tianjin University, Tianjin, China"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"ORCID":"https:\/\/orcid.org\/0000-0001-6912-6152","authenticated-orcid":false,"given":"Mengmeng","family":"Ge","sequence":"additional","affiliation":[{"name":"Nanyang Technological University, Singapore, Singapore"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-5330-7298","authenticated-orcid":false,"given":"Xuewei","family":"Li","sequence":"additional","affiliation":[{"name":"Tianjin University, Tianjin, China"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-0752-6764","authenticated-orcid":false,"given":"Xiaohong","family":"Li","sequence":"additional","affiliation":[{"name":"Tianjin University, Tianjin, China"}],"role":[{"vocabulary":"crossref","role":"author"}]}],"member":"320","published-online":{"date-parts":[[2024,6,20]]},"reference":[{"key":"e_1_3_2_1_1_1","doi-asserted-by":"publisher","DOI":"10.1109\/JIOT.2019.2925929"},{"key":"e_1_3_2_1_2_1","doi-asserted-by":"publisher","DOI":"10.1109\/CNS.2018.8433203"},{"key":"e_1_3_2_1_3_1","volume-title":"30th USENIX Security Symposium (USENIX Security 21)","author":"Alrawi Omar","year":"2021","unstructured":"Omar Alrawi, Charles Lever, Kevin Valakuzhy, Kevin Snow, Fabian Monrose, and Manos Antonakakis. 2021. The Circle of life: A $large-scale$ study of the $IoT$ malware lifecycle. In 30th USENIX Security Symposium (USENIX Security 21). 3505\u20133522."},{"key":"e_1_3_2_1_4_1","unstructured":"Kishore Angrishi. 2017. Turning internet of things (iot) into internet of vulnerabilities (iov): Iot botnets. arXiv preprint arXiv:1702.03681."},{"key":"e_1_3_2_1_5_1","volume-title":"26th USENIX security symposium (USENIX Security 17). 1093\u20131110.","author":"Antonakakis Manos","unstructured":"Manos Antonakakis, Tim April, Michael Bailey, Matt Bernhard, Elie Bursztein, Jaime Cochran, Zakir Durumeric, J Alex Halderman, Luca Invernizzi, and Michalis Kallitsis. 2017. Understanding the mirai botnet. In 26th USENIX security symposium (USENIX Security 17). 1093\u20131110."},{"key":"e_1_3_2_1_6_1","volume-title":"Robust malware detection for internet of (battlefield) things devices using deep eigenspace learning","author":"Azmoodeh Amin","year":"2018","unstructured":"Amin Azmoodeh, Ali Dehghantanha, and Kim-Kwang Raymond Choo. 2018. Robust malware detection for internet of (battlefield) things devices using deep eigenspace learning. IEEE transactions on sustainable computing, 4, 1 (2018), 88\u201395."},{"key":"e_1_3_2_1_7_1","doi-asserted-by":"publisher","DOI":"10.1587\/transinf.2018OFL0007"},{"key":"e_1_3_2_1_8_1","volume-title":"Learning multi-label scene classification. Pattern recognition, 37, 9","author":"Boutell Matthew R","year":"2004","unstructured":"Matthew R Boutell, Jiebo Luo, Xipeng Shen, and Christopher M Brown. 2004. Learning multi-label scene classification. Pattern recognition, 37, 9 (2004), 1757\u20131771."},{"key":"e_1_3_2_1_9_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.cose.2022.102779"},{"key":"e_1_3_2_1_10_1","doi-asserted-by":"publisher","DOI":"10.1109\/BigData47090.2019.9005981"},{"key":"e_1_3_2_1_11_1","first-page":"1","article-title":"Iot malware: Comprehensive survey, analysis framework and case studies","volume":"1","author":"Costin Andrei","year":"2018","unstructured":"Andrei Costin and Jonas Zaddach. 2018. Iot malware: Comprehensive survey, analysis framework and case studies. BlackHat USA, 1, 1 (2018), 1\u20139.","journal-title":"BlackHat USA"},{"key":"e_1_3_2_1_12_1","doi-asserted-by":"publisher","DOI":"10.1145\/3386367.3431317"},{"key":"e_1_3_2_1_13_1","doi-asserted-by":"publisher","DOI":"10.1145\/3377930.3390231"},{"key":"e_1_3_2_1_14_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.cose.2023.103323"},{"key":"e_1_3_2_1_15_1","first-page":"1","article-title":"Hajime: Analysis of a decentralized internet worm for IoT devices","volume":"16","author":"Edwards Sam","year":"2016","unstructured":"Sam Edwards and Ioannis Profetis. 2016. Hajime: Analysis of a decentralized internet worm for IoT devices. Rapidity Networks, 16 (2016), 1\u201318.","journal-title":"Rapidity Networks"},{"key":"e_1_3_2_1_16_1","volume-title":"MobiDroid: A Performance-Sensitive Malware Detection System on Mobile Platform. In 2019 24th International Conference on Engineering of Complex Computer Systems.","author":"Feng Ruitao","year":"2019","unstructured":"Ruitao Feng, Sen Chen, Xiaofei Xie, Lei Ma, Guozhu Meng, Yang Liu, and Shang-Wei Lin. 2019. MobiDroid: A Performance-Sensitive Malware Detection System on Mobile Platform. In 2019 24th International Conference on Engineering of Complex Computer Systems."},{"key":"e_1_3_2_1_17_1","article-title":"A Performance-Sensitive Malware Detection System Using Deep Learning on Mobile Devices","author":"Feng Ruitao","year":"2020","unstructured":"Ruitao Feng, Sen Chen, Xiaofei Xie, Guozhu Meng, Shang-Wei Lin, and Yang Liu. 2020. A Performance-Sensitive Malware Detection System Using Deep Learning on Mobile Devices. IEEE Transactions on Information Forensics and Security.","journal-title":"IEEE Transactions on Information Forensics and Security."},{"key":"e_1_3_2_1_18_1","volume-title":"SeqMobile: An Efficient Sequence-Based Malware Detection System Using RNN on Mobile Devices. In 2020 25th International Conference on Engineering of Complex Computer Systems.","author":"Feng Ruitao","year":"2020","unstructured":"Ruitao Feng, Jing Qiang Lim, Sen Chen, Shang-Wei Lin, and Yang Liu. 2020. SeqMobile: An Efficient Sequence-Based Malware Detection System Using RNN on Mobile Devices. In 2020 25th International Conference on Engineering of Complex Computer Systems."},{"key":"e_1_3_2_1_19_1","volume-title":"A Performance-Sensitive Malware Detection System on Mobile Platform","author":"Feng Ruitao","unstructured":"Ruitao Feng, Yang Liu, and Shangwei Lin. 2019. A Performance-Sensitive Malware Detection System on Mobile Platform. In Formal Methods and Software Engineering, Yamine Ait-Ameur and Shengchao Qin (Eds.). Springer International Publishing, Cham. 493\u2013497. isbn:978-3-030-32409-4"},{"key":"e_1_3_2_1_20_1","doi-asserted-by":"publisher","DOI":"10.1007\/s11416-015-0244-0"},{"key":"e_1_3_2_1_21_1","doi-asserted-by":"publisher","DOI":"10.1109\/ISDFS52919.2021.9486386"},{"key":"e_1_3_2_1_22_1","unstructured":"Nikolai Hampton and Patryk Szewczyk. 2015. A survey and method for analysing soho router firmware currency."},{"key":"e_1_3_2_1_23_1","unstructured":"Philokypros Ioulianou Vasileios Vasilakis Ioannis Moscholios and Michael Logothetis. 2018. A signature-based intrusion detection system for the internet of things. Information and Communication Technology Form."},{"key":"e_1_3_2_1_24_1","doi-asserted-by":"publisher","DOI":"10.1109\/ACCESS.2020.2995887"},{"key":"e_1_3_2_1_25_1","doi-asserted-by":"publisher","DOI":"10.1109\/CyberSecPODS.2016.7502343"},{"key":"e_1_3_2_1_26_1","doi-asserted-by":"publisher","DOI":"10.1109\/CVPR.2006.90"},{"key":"e_1_3_2_1_27_1","doi-asserted-by":"publisher","DOI":"10.1109\/IJCNN52387.2021.9533500"},{"key":"e_1_3_2_1_28_1","doi-asserted-by":"publisher","DOI":"10.1109\/ICDMW60847.2023.00171"},{"key":"e_1_3_2_1_29_1","unstructured":"MaGraMal. 2024. Appendix. https:\/\/github.com\/MaGraMal2024\/MaGraMal\/blob\/main\/Appendix.pdf"},{"key":"e_1_3_2_1_30_1","unstructured":"MaGraMal. 2024. Dataset. https:\/\/github.com\/MaGraMal2024\/MaGraMal\/tree\/main\/Dataset"},{"key":"e_1_3_2_1_31_1","unstructured":"Meka. 2016. Meka. https:\/\/github.com\/Waikato\/meka\/tree\/f0cc96133399afa4c80d2b8a6342913fe9057fb0"},{"key":"e_1_3_2_1_32_1","unstructured":"MITRE. 2013. ATT&CK. https:\/\/attack.mitre.org"},{"key":"e_1_3_2_1_33_1","unstructured":"Annamalai Narayanan Mahinthan Chandramohan Rajasekar Venkatesan Lihui Chen Yang Liu and Shantanu Jaiswal. 2017. graph2vec: Learning distributed representations of graphs. arXiv preprint arXiv:1707.05005."},{"key":"e_1_3_2_1_34_1","doi-asserted-by":"publisher","DOI":"10.1007\/s10207-019-00475-6"},{"key":"e_1_3_2_1_35_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.cose.2021.102513"},{"key":"e_1_3_2_1_36_1","doi-asserted-by":"publisher","DOI":"10.2197\/ipsjjip.24.522"},{"key":"e_1_3_2_1_37_1","article-title":"Multi-label Classification for Android Malware Based on Active Learning","author":"Qiao Qijing","year":"2022","unstructured":"Qijing Qiao, Ruitao Feng, Sen Chen, Fei Zhang, and Xiaohong Li. 2022. Multi-label Classification for Android Malware Based on Active Learning. IEEE Transactions on Dependable and Secure Computing.","journal-title":"IEEE Transactions on Dependable and Secure Computing."},{"key":"e_1_3_2_1_38_1","unstructured":"Radare2. 2006. Radare2. https:\/\/rada.re\/r\/"},{"key":"e_1_3_2_1_39_1","first-page":"1","article-title":"Meka: a multi-label\/multi-target extension to weka","volume":"17","author":"Read Jesse","year":"2016","unstructured":"Jesse Read, Peter Reutemann, Bernhard Pfahringer, and Geoff Holmes. 2016. Meka: a multi-label\/multi-target extension to weka. Journal of Machine Learning Research, 17, 21 (2016), 1\u20135.","journal-title":"Journal of Machine Learning Research"},{"key":"e_1_3_2_1_40_1","doi-asserted-by":"publisher","DOI":"10.1145\/3453158"},{"key":"e_1_3_2_1_41_1","volume-title":"Sanjiva Prasad, Daniele Sgandurra, Yaokai Feng, and Kouichi Sakurai.","author":"Su Jiawei","year":"2018","unstructured":"Jiawei Su, Danilo Vargas Vasconcellos, Sanjiva Prasad, Daniele Sgandurra, Yaokai Feng, and Kouichi Sakurai. 2018. Lightweight classification of IoT malware based on image recognition. In 2018 IEEE 42Nd annual computer software and applications conference (COMPSAC). 2, 664\u2013669."},{"key":"e_1_3_2_1_42_1","volume-title":"10th International Microsystems, Packaging, Assembly and Circuits Technology Conference (IMPACT). 192\u2013195","author":"Taylor Robin","year":"2015","unstructured":"Robin Taylor, David Baron, and Daniel Schmidt. 2015. The world in 2025-predictions for the next ten years. In 2015 10th International Microsystems, Packaging, Assembly and Circuits Technology Conference (IMPACT). 192\u2013195."},{"key":"e_1_3_2_1_43_1","doi-asserted-by":"publisher","DOI":"10.1109\/LNET.2021.3076600"},{"key":"e_1_3_2_1_44_1","doi-asserted-by":"publisher","DOI":"10.4018\/jdwm.2007070101"},{"key":"e_1_3_2_1_45_1","unstructured":"Daniel Uhr\u0131cek. 2020. Lisa\u2013multiplatform linux sandbox for analyzing iot malware."},{"key":"e_1_3_2_1_46_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.future.2021.01.004"},{"key":"e_1_3_2_1_47_1","unstructured":"J Vijayan. 2018. Satori Botnet Malware Now Can Infect Even More IoT Devices."},{"key":"e_1_3_2_1_48_1","unstructured":"VirusShare. 2012. VirusShare. https:\/\/virusshare.com\/"},{"key":"e_1_3_2_1_49_1","unstructured":"VirusTotal. 2004. VirusTotal. https:\/\/www.virustotal.com\/"},{"key":"e_1_3_2_1_50_1","doi-asserted-by":"publisher","DOI":"10.1109\/OJCS.2020.3033974"},{"key":"e_1_3_2_1_51_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.cose.2022.103060"},{"key":"e_1_3_2_1_52_1","doi-asserted-by":"publisher","DOI":"10.1155\/2020\/6804290"},{"key":"e_1_3_2_1_53_1","doi-asserted-by":"publisher","DOI":"10.1109\/ACCESS.2020.2978335"},{"key":"e_1_3_2_1_54_1","unstructured":"zynamics. 2011. bindiff. https:\/\/www.zynamics.com\/bindiff.html"}],"event":{"name":"LCTES '24: 25th ACM SIGPLAN\/SIGBED International Conference on Languages, Compilers, and Tools for Embedded Systems","location":"Copenhagen Denmark","acronym":"LCTES '24","sponsor":["SIGBED ACM Special Interest Group on Embedded Systems","SIGPLAN ACM Special Interest Group on Programming Languages"]},"container-title":["Proceedings of the 25th ACM SIGPLAN\/SIGBED International Conference on Languages, Compilers, and Tools for Embedded Systems"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3652032.3657577","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3652032.3657577","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,19]],"date-time":"2025-06-19T00:03:12Z","timestamp":1750291392000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3652032.3657577"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2024,6,20]]},"references-count":54,"alternative-id":["10.1145\/3652032.3657577","10.1145\/3652032"],"URL":"https:\/\/doi.org\/10.1145\/3652032.3657577","relation":{},"subject":[],"published":{"date-parts":[[2024,6,20]]},"assertion":[{"value":"2024-06-20","order":2,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}