Interaction between devices, people, and the Internet has given birth to a new digital communication model, the Internet of Things (IoT). The integration of smart devices to constitute a network introduces many security challenges. These connected devices have created a security blind spot, where cybercriminals can easily launch attacks to compromise the devices using malware proliferation techniques. Therefore, malware detection is a lifeline for securing IoT devices against cyberattacks. This study addresses the challenge of malware detection in IoT devices by proposing a new CNN-based IoT malware detection architecture (iMDA). The proposed iMDA is modular in design and incorporates multiple feature learning schemes in blocks, including (1) edge exploration and smoothing, (2) multi-path dilated convolutional operations, and (3) channel squeezing and boosting in the CNN to learn a diverse set of features. The local structural variations within malware classes are learned by edge and smoothing operations implemented in the split-transform-merge (STM) block. The multi-path dilated convolutional operation is used to recognize the global structure of malware patterns. At the same time, channel squeezing and merging help to regulate complexity and obtain diverse feature maps. The performance of the proposed iMDA is evaluated on a benchmark IoT dataset and compared with several state-of-the-art CNN architectures. The proposed iMDA shows promising malware detection capacity by achieving accuracy: 97.93%, F1-score: 0.9394, precision: 0.9864, MCC: 0.8796, recall: 0.8873, AUC-PR: 0.9689 and AUC-ROC: 0.9938. The strong discrimination capacity suggests that iMDA may be extended to Android-based malware detection and IoT ELF files compositely in the future.
Ransomware attacks pose a serious threat to Internet resources due to their far-reaching effects. Its zero-day variants are even more hazardous, as less is known about them. In this regard, when used for ransomware attack detection, conventional machine learning approaches may become data-dependent and insensitive to error cost, and thus may not tackle zero-day ransomware attacks. Zero-day ransomware normally has an unseen underlying data distribution. This paper presents a Cost-Sensitive Pareto Ensemble strategy, CSPE-R, to detect novel ransomware attacks. Initially, the proposed framework exploits the unsupervised deep Contractive Auto Encoder (CAE) to transform the underlying varying feature space into a more uniform and core semantic feature space. To learn the robust features, the proposed CSPE-R ensemble technique explores different semantic spaces at various levels of detail. Heterogeneous base estimators are then trained over these extracted subspaces to find the core relevance between the various families of ransomware attacks. Then, a novel Pareto Ensemble-based estimator selection strategy is implemented to achieve a cost-sensitive compromise between false positives and false negatives. Finally, the decisions of the selected estimators are aggregated to improve detection against unknown ransomware attacks. The experimental results show that the proposed CSPE-R framework performs well against zero-day ransomware attacks.
Malware is a key component of cyber-crime, and its analysis is the first line of defence against cyber-attack. This study proposes two new malware classification frameworks: Deep Feature Space-based Malware classification (DFS-MC) and Deep Boosted Feature Space-based Malware classification (DBFS-MC). In the proposed DFS-MC framework, deep features are generated from the customized CNN architectures and are fed to a support vector machine (SVM) algorithm for malware classification, while in the DBFS-MC framework, the discrimination power is enhanced by first combining the deep feature spaces of two customized CNN architectures to achieve boosted feature spaces. Further, the detection of exceptional malware is performed by providing the deep boosted feature space to the SVM. The performance of the proposed malware classification frameworks is evaluated on the MalImg malware dataset using the hold-out cross-validation technique. Malware variants like Autorun.K, Swizzor.gen!I, Wintrim.BX and Yuner.A are hard to classify correctly due to the minor inter-class differences in their features. The proposed DBFS-MC improved performance for these difficult-to-discriminate malware classes using the idea of feature boosting generated through customized CNNs. The proposed classification framework DBFS-MC showed good results in terms of accuracy: 98.61%, F-score: 0.96, precision: 0.96, and recall: 0.96 on stringent test data, using 40% unseen data.