MTHAEL: Cross-Architecture IoT Malware Detection Based on Neural Network Advanced Ensemble Learning

The complexity, sophistication, and impact of malware evolve with the industrial revolution and technological advancements. This article proposes and discusses a robust cross-architecture IoT malware threat hunting model based on advanced ensemble learning (MTHAEL). Our unique MTHAEL model, which uses a stacked ensemble of heterogeneous feature selection algorithms and state-of-the-art neural networks to learn different levels of semantic features, demonstrates better IoT malware detection than existing approaches. MTHAEL is the first of its kind to effectively optimize recurrent neural networks (RNN) and convolutional neural networks (CNN) with high classification accuracy and consistently low computational overheads on different IoT architectures. Cross-architecture benchmarking is performed during training with different architectures, namely ARM, Intel80386, MIPS, and MIPS+Intel80386, individually. Two different hardware architectures were employed to analyze the architecture overhead: Raspberry Pi 4 (ARM-based architecture) and Core-i5 (Intel-based architecture). Our proposed MTHAEL is evaluated comprehensively on a large IoT cross-architecture dataset of 21,137 samples and has achieved 99.98 percent classification accuracy for ARM architecture samples, surpassing prior related works. Overall, MTHAEL has demonstrated practical suitability for cross-architecture IoT malware detection with low computational overheads, requiring only 0.32 seconds to detect any IoT malware.
