AutoAdversary: A Framework for Customizing and Automating Adversarial Attacks on ML-based Detection

2023-2024/I.
Dr. Buttyán Levente

The Internet of Things (IoT) consists of embedded computers connected to each other and to the Internet, and it forms the basis of innovative new applications in many domains. Besides its advantages, however, it also poses security risks. One specific problem is that embedded IoT devices can be infected by malware, endangering the trustworthiness of IoT systems and the availability of Internet-based services. Recently, several scientific papers have proposed using machine learning (ML) to detect IoT malware. Such ML-based malware detectors can achieve high accuracy, but it has also been shown that they are easily misled by adversarial samples (i.e., malicious binaries that the trained model classifies as benign). One approach to coping with this problem is adversarial training (i.e., extending the training set with adversarial samples); however, this requires a large number of adversarial samples. This motivates the automated generation of such samples, which is a non-trivial problem and the one to be addressed in this project.

The task of the student is:

  • to identify and study the related work on using fuzzing techniques to generate adversarial samples from existing IoT malware binaries;
  • to design and implement a coverage-guided fuzzing framework that automates the generation of adversarial samples and offers flexibility in the choice of mutation strategies, ML models, and coverage metrics;
  • to demonstrate the use of the framework on a real malware dataset and with multiple ML models.
