IoT malware detection architecture using a novel channel boosted and squeezed CNN

Asam, Muhammad; Khan, Saddam Hussain; Akbar, Altaf; Bibi, Sameena; Jamal, Tauseef; Khan, Asifullah; Ghafoor, Usman; Bhutta, M. Raheel

doi:10.1038/s41598-022-18936-9

Cited by 47 publications

(24 citation statements)

References 34 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…The scores in most of the models are higher than 99%, which indicates that the models employing our proposed features perform quite well. The results of the proposed method were compared with similar studies, such as opcode feature [25], 2D image of executable file [51], behavior-based feature [23], CFG feature [52], etc. We selected to use a MLP model as the comparison models employed a Convolutional Neural Network (CNN) as the deep learning algorithm.…”

Section: B Malware Detectionmentioning

confidence: 99%

Robust IoT Malware Detection and Classification Using Opcode Category Features on Machine Learning

Lee¹,

Kim

Baek

et al. 2023

IEEE Access

View full text Add to dashboard Cite

Technology advancements have led to the use of millions of IoT devices. However, IoT devices are being exploited as an entry point due to security flaws by resource constraints. IoT malware is being discovered in a variety of types. The purpose of this study is to investigate whether IoT malware can be detected from benign and whether various malware family types can be classified. We propose fixed-length and low-dimensional features using opcode category information on ML models. The binary IoT dataset for this study is converted into opcode to create features. The opcodes are categorized into 6 or 11 according to their functionality. Features are created using a sequence of opcode categories and the entropy values of opcode categories. These features can be visualized by using a 2D image in order to observe patterns. We evaluate our proposed features on various ML models (5-NN, SVM, Decision Tree, and Random Forest) and MLP with various performance metrics, such as Accuracy, Precision, Recall, F1-score, MCC, AUC-ROC, and AUC-PR. The performance results for malware detection and classification have an accuracy over 98.0%. The experiments have demonstrated that the features we've proposed are effective and robust for identifying different types of IoT malware and benign.

show abstract

Section: B Malware Detectionmentioning

confidence: 99%

Robust IoT Malware Detection and Classification Using Opcode Category Features on Machine Learning

Lee¹,

Kim

Baek

et al. 2023

IEEE Access

View full text Add to dashboard Cite

show abstract

“…The term "malicious activities" in this context refers to nine common forms of malicious assaults that might affect any Internet of Things device. We track network tra c and produce malware instance reports that include evasion, information collecting, needed privilege, required privilege, library, persistence method, required privilege, and process interaction [12].…”

Section: Data Pre-processingmentioning

confidence: 99%

Automated Malware Analysis in Internet of Things based Systems: A Deep Learning Approach

Khapre

Ganeshan

2022

Preprint

View full text Add to dashboard Cite

Numerous potentials are presented by the Internet of Things, but there are a number of drawbacks as well. IoT devices have recently been more frequently the subject of malware assaults. Deep Learning is a popular technique that is used to identify and classify viruses. Researchers are working to strengthen the security of gadgets that are connected to the Internet in this respect. This approach used the behaviour of malware during run-time in the context of system calls to identify it. The real-time IoT malware samples were given by IOTPOT, a honeypot that replicates a variety of IoT device CPU architectures. From the malicious system calls that are generated, a deep learning algorithm extracts the necessary characteristics. To better understand malware activity, RGB photos were transformed and behavioural data was used to depict the samples. The retrieved system calls were divided into two groups—normal and malicious sequences—using VGG-19 (Visual Geometry Group – 19). The two classes were then assigned to each of the 15 subclasses of malware. The model is made lightweight and computationally efficient utilising a two-step feature extraction method that uses complete vector features for classification and lightweight dynamic features for weighting. The efficiency of deep learning is assessed using a range of performance criteria. In comparison to previously developed approaches, we were able to achieve an average classification accuracy of 97.75%, an increase of 3.7%.

show abstract

“…Asam et al [ 62 ] designed a CNN-based malware detection architecture in IoT called iMDA. Edge exploration and smoothing, multi-path expanded convolutional operations, and channel compressing and boosting in CNN were just a few of the feature learning schemes that were included in the proposed iMDA’s modular design and were used to learn a variety of features.…”

Section: Introductionmentioning

confidence: 99%

Transfer Learning for Image-Based Malware Detection for IoT

Panda

Kumar

Marappan

et al. 2023

Sensors

View full text Add to dashboard Cite

The tremendous growth in online activity and the Internet of Things (IoT) led to an increase in cyberattacks. Malware infiltrated at least one device in almost every household. Various malware detection methods that use shallow or deep IoT techniques were discovered in recent years. Deep learning models with a visualization method are the most commonly and popularly used strategy in most works. This method has the benefit of automatically extracting features, requiring less technical expertise, and using fewer resources during data processing. Training deep learning models that generalize effectively without overfitting is not feasible or appropriate with large datasets and complex architectures. In this paper, a novel ensemble model, Stacked Ensemble—autoencoder, GRU, and MLP or SE-AGM, composed of three light-weight neural network models—autoencoder, GRU, and MLP—that is trained on the 25 essential and encoded extracted features of the benchmark MalImg dataset for classification was proposed. The GRU model was tested for its suitability in malware detection due to its lesser usage in this domain. The proposed model used a concise set of malware features for training and classifying the malware classes, which reduced the time and resource consumption in comparison to other existing models. The novelty lies in the stacked ensemble method where the output of one intermediate model works as input for the next model, thereby refining the features as compared to the general notion of an ensemble approach. Inspiration was drawn from earlier image-based malware detection works and transfer learning ideas. To extract features from the MalImg dataset, a CNN-based transfer learning model that was trained from scratch on domain data was used. Data augmentation was an important step in the image processing stage to investigate its effect on classifying grayscale malware images in the MalImg dataset. SE-AGM outperformed existing approaches on the benchmark MalImg dataset with an average accuracy of 99.43%, demonstrating that our method was on par with or even surpassed them.

show abstract

IoT malware detection architecture using a novel channel boosted and squeezed CNN

Cited by 47 publications

References 34 publications

Robust IoT Malware Detection and Classification Using Opcode Category Features on Machine Learning

Robust IoT Malware Detection and Classification Using Opcode Category Features on Machine Learning

Automated Malware Analysis in Internet of Things based Systems: A Deep Learning Approach

Transfer Learning for Image-Based Malware Detection for IoT

Contact Info

Product

Resources

About