The Internet of Things (IoT) is one of the most promising technology vision of the most recent years. It will really impact the way economy, industry and govern- ments perform their operation, with all the benefits coming from the increase of connectivity among devices pushed to the limit. Unfortunately, the availability of countless number of Internet connected devices having a small but usable computing power is the Holy Grail of cybercriminals, especially if (like in the most of the cases) those devices are also particularly vulnerable to attacks. The enormous growth of IoT malware spotted in the wild is the proof that shows how the situation is already dramatic and that it is worsening everyday more and more. Designing strategies to defend, detect and mitigate those attacks it is critical to secure the IoT environment and to realize the vision of the Internet of Things. In this work, an approach for recognizing and classifying the attacks targeting IoT devices is presented. The approach leverages the fact that attacks and particularly malware (and even more in the case of the IoT) are characterized by extensive code reuse, enabling the identification of attack patterns characterizing the device compromise stage. Furthermore, the definition of those patterns enables the profiling, grouping and classification of the attacks in an effective and robust way against the small changes performed by attackers to evade signature-based approaches.