Hisham Alasmary,Afsah Anwar,Ahmed Abusnaina,Abdulrahman Alabduljabbar,Mohammed Abuhamad,An Wang,Daehun Nyang,Amro Awad,David Mohaisen

DOI: https://doi.org/10.1109/jiot.2021.3086398

IF: 10.6

2022-02-15

IEEE Internet of Things Journal

Abstract:The Linux shell is a command-line interpreter that provides users with a command interface to the operating system, allowing them to perform various functions. Although very useful in building capabilities at the edge, the Linux shell can be exploited, giving adversaries a prime opportunity to use them for malicious activities. With access to Internet of Things (IoT) devices, malware authors can abuse the Linux shell of those devices to propagate infections and launch large-scale attacks, e.g., Distributed Denial of Service. In this work, we provide a first look at the tasks managed by shell commands in Linux-based IoT malware toward detection. We analyze malicious shell commands found in IoT malware and build a neural network-based model, ShellCore, to detect malicious shell commands. Namely, we collected a large data set of shell commands, including malicious commands extracted from 2891 IoT malware samples and benign commands collected from real-world network traffic analysis and volunteered data from Linux users. Using conventional machine and deep learning-based approaches trained with a term- and character-level features, ShellCore is shown to achieve an accuracy of more than 99% in detecting malicious shell commands and files (i.e., binaries).

computer science, information systems,telecommunications,engineering, electrical & electronic

Hongda Li,Qiqing Huang,Fei Ding,Hongxin Hu,Long Cheng,Guofei Gu,Ziming Zhao

DOI: https://doi.org/10.1145/3488932.3517423

2022-01-01

Abstract:The rocketed population, poor security, and 24/7 online properties make Linux-based Internet of Things (IoT) devices ideal targets for attackers. However, due to the budget constraints and an enormous number of vulnerabilities on such devices, protecting them against attacks is very challenging. Therefore, understanding and detecting IoT malware remote infection, which is before the compromised IoT devices are monetized by adversaries, is crucial to mitigate damages and financial loss caused by IoT malware. In this paper, we conduct an empirical study on a large-scale dataset covering 403,464 samples collected from VirusShare and a large group of IoT honeypots to gain a deep insight into the characteristics of IoT malware remote infection. We share detailed statistics of shell commands found in our dataset, highlight malicious behaviors performed through those commands, investigate current states of fingerprinting methods of those commands, and offer a taxonomy of shell commands by introducing the notion of infection capability. To demonstrate the usefulness of the knowledge gained from our study, we develop an approach to detect ongoing remote infection activities based on infection capabilities. Our evaluation shows that our detection approach can achieve a 99.22% detection rate for remote infections in the wild and introduce small performance overhead.

Ziming Zhao,Zhaoxuan Li,Jiongchi Yu,Fan Zhang,Xiaofei Xie,Haitao Xu,Binbin Chen

DOI: https://doi.org/10.1109/tmc.2023.3311012

IF: 6.075

2024-01-01

IEEE Transactions on Mobile Computing

Abstract:With the widespread use of Internet of Things (IoT) devices, malware detection has become a hot spot for both academic and industrial communities. Existing approaches can be roughly categorized into network-side and host-side. However, existing network-side methods are difficult to capture contextual semantics from cross-source traffic, and previous host-side methods could be adversary-perceived and expose risks for tampering. More importantly, a single perspective cannot comprehensively track the multi-stage lifecycle of IoT malware. In this paper, we present ${\sf CMD}$ , a co-analyzed IoT malware detection and forensics system by combining hardware and network domains. For the network part, ${\sf CMD}$ proposes a tailored capsule neural network to capture the contextual semantics from cross-source traffic. For the hardware part, ${\sf CMD}$ designs an entire file operation recovery process in a side-channel manner by leveraging the Serial Peripheral Interface (SPI) signals from on-chip traces. These traffic provenance and operating logs information could benefit the anti-virus countermeasures for security practitioners. By practical evaluation, we demonstrate that ${\sf CMD}$ realizes outstanding detection effects ( e.g., $\sim$ 99.88% F1-score) compared with seven state-of-the-art methods, and recovers 96.88% $\sim$ 99.75% operation commands even if against adaptive adversaries (that could kill processes or tamper with operation log files). A by-product benefit of such an external monitor is ${\sf CMD}$ introduces zero latency on the IoT device, and incurs negligible IoT CPU utilization. Also, since SPI focuses on file operations, the proposed hardware trace forensics does not have the data explosion problem like previous work, e.g., recovered logs of ${\sf CMD}$ only take up limited extra space overhead ( e.g., $\sim$ 0.2 MB per malware). Furthermore, we provide the model interpretability for the capsule network and develop a case study (Hajime) of the operation logs recovery.

Faiza Habib,Syed Hamad Shirazi,Khursheed Aurangzeb,Asfandyar Khan,Bharat Bhushan,Musaed Alhussein

DOI: https://doi.org/10.1109/access.2024.3383831

IF: 3.9

2024-04-09

IEEE Access

Abstract:Today Internet of Things (IoT) has become a key part of the modern world as it enables web-based IoT devices to collect, transfer, and analyze the data of individuals, companies, and industries. IoT provides numerous services and applications via a massive number of interconnected devices and has become an innovative attack vector for cyber-attacks and threats such as malware attacks that are currently regarded as serious dangers to the security of IoT devices and systems. Such threats are sufficient to infiltrate individual private information that inflicts harm to both the financial standing and reputation in an organization. In literature, researchers have used multiple machine learning and deep learning models to tackle this security threat, however, still accurate classification and detection of metamorphic malware in IoT devices remains a challenge. In this article, we used a deep learning model to accurately detect metamorphic malware in IoT devices. We have employed six models including (VGG16, InceptionV3, CNN, ResNet50, MobileNet, and Efficient NetB0 on Malimg publicly available malware image dataset. The Internet of Things (IoT) would benefit from having a method that could identify metamorphic malware. It isn't possible to rely on detection techniques that are fixed or signature-based. Throughout this research, a straightforward technique for carrying out dynamic analysis to comprehend the behavior of code is suggested. To determine if executable are malicious, it is necessary to first measure the behavior of executable and then utilize this information to make that determination. Additionally, the purpose of this study is to create a classifier that makes utilization of deep learning techniques to analyze complicated behavior reports. The obtained results depict that the proposed model achieves a promising accuracy of 99% and F1-score of 97% employed on the standard Malimg dataset as compared to other existing machine and deep learning models.

computer science, information systems,telecommunications,engineering, electrical & electronic

Ziheng Zhou,Lin Li,Xuan-Ying Zhao

DOI: https://doi.org/10.1109/BigDataSecurityHPSCIDS52275.2021.00020

2021-05-01

Abstract:In this paper, we use a Deep Learning technique called Long Short Term Memory (LSTM) recurrent neural networks to detect Webshell which is a kind of trojan scripts written by hackers and causes great security risks to web servers. We mainly use deep learning theory to intelligently extract the characteristics of the opcode sequences of malicious codes written by PHP and study the classification model. In this paper, we compile PHP files into opcode sequences, build Webshell detection model by using LSTM, which also includes word embedding conversion, multi-layer LSTM structure and so on. The trained single-layer model finally shows over 95% accuracy for detecting Webshells. However, accuracy of multi-layer models is reduced on the contrary. The double-layer model shows 93% accuracy and the triple-layer model even shows lower than 90% accuracy. It turns out that more layers is not always better probably due to gradient vanishing or overfitting caused by multiple layers. The result indicates that single-layer model may perform best on Webshell detection.

Computer Science

Ayat T. Salim,Ban Mohammed Khammas

DOI: https://doi.org/10.31987/ijict.6.3.233

2023-12-31

Abstract:Internet of Things (IoT) equipment is rapidly being used in a variety of businesses and for a variety of reasons (for example, sensing and collecting data from the environment in both public and military settings). Because of their expanding involvement in a wide range of applications and their rising computational and processing capabilities, they are a viable attack target for malware tailored to infect specific IoT devices. This study investigates the potential of detecting IoT malware using different deep learning techniques: the classic feedforward neural network (FNN), convolutional neural networks (CNN), long short-term memory (LSTM), and recurrent neural networks (RNN). The proposed method analyses the execution operation codes of IOT app sequences using modern NLP (natural language processing) methods. The current work utilized an IoT application dataset with 500 malware (collected from the IOTPOT dataset) and 500 goodware samples to train the proposed algorithms. The trained model is tested against 2971 fresh IoT malware and goodware samples. The samples were input into deep learning models, and performance metrics were obtained. The results demonstrate that the RNN model had the best accuracy (99.19%) in detecting fresh malware samples. On the other hand, the results were compared by the time required for training; the CNN model shows that it could achieve high accuracy (98.05%) with less training time. A comparison with various deep learning classifiers demonstrates that the RNN and CNN techniques produce the best results.

Jinchun Choi,Afsah Anwar,Abdulrahman Alabduljabbar,Hisham Alasmary,Jeffrey Spaulding,An Wang,Songqing Chen,DaeHun Nyang,Amro Awad,David Mohaisen

DOI: https://doi.org/10.1016/j.comnet.2022.108768

IF: 5.493

2022-04-01

Computer Networks

Abstract:The lack of security measures among the Internet of Things (IoT) devices and their persistent online connection gives adversaries a prime opportunity to target them or even abuse them as intermediary targets in larger attacks such as distributed denial-of-service (DDoS) campaigns. In this paper, we analyze IoT malware and focus on the endpoints reachable on the public Internet, that play an essential part in the IoT malware ecosystem. Namely, we analyze endpoints acting as dropzones and their targets to gain insights into the underlying dynamics in this ecosystem, such as the affinity between the dropzones and their target IP addresses, and the different patterns among endpoints. Towards this goal, we reverse-engineer 2423 IoT malware samples and extract strings from them to obtain IP addresses. We further gather information about these endpoints from public Internet-wide scanners, such as Shodan and Censys. Our results, through analysis and visualization expose clear patterns of affinity between sources and targets of attacks, attack exposure by Internet infrastructure, and clear depiction of the ecosystem of IoT malware as a whole, only utilizing static artifacts. Our investigation from four different perspectives provides profound insights into the role of endpoints in IoT malware attacks, which deepens our understanding of IoT malware ecosystems and can assist future defenses.

computer science, information systems,telecommunications,engineering, electrical & electronic, hardware & architecture

Gergely Hevesi

2023-11-20

Abstract:Embedded devices are specialised devices designed for one or only a few purposes. They are often part of a larger system, through wired or wireless connection. Those embedded devices that are connected to other computers or embedded systems through the Internet are called Internet of Things (IoT for short) devices. With their widespread usage and their insufficient protection, these devices are increasingly becoming the target of malware attacks. Companies often cut corners to save manufacturing costs or misconfigure when producing these devices. This can be lack of software updates, ports left open or security defects by design. Although these devices may not be as powerful as a regular computer, their large number makes them suitable candidates for botnets. Other types of IoT devices can even cause health problems since there are even pacemakers connected to the Internet. This means, that without sufficient defence, even directed assaults are possible against people. The goal of this thesis project is to provide better security for these devices with the help of machine learning algorithms and reverse engineering tools. Specifically, I study the applicability of control-flow related data of executables for malware detection. I present a malware detection method with two phases. The first phase extracts control-flow related data using static binary analysis. The second phase classifies binary executables as either malicious or benign using a neural network model. I train the model using a dataset of malicious and benign ARM applications.

Artificial Intelligence,Cryptography and Security

Tzu-Ling Wan,Tao Ban,Shin-Ming Cheng,Yen-Ting Lee,Bo Sun,Ryoichi Isawa,Takeshi Takahashi,Daisuke Inoue

DOI: https://doi.org/10.1109/ojcs.2020.3033974

2020-01-01

IEEE Open Journal of the Computer Society

Abstract:Simple implementation and autonomous operation features make the Internet-of-Things (IoT) vulnerable to malware attacks. Static analysis of IoT malware executable files is a feasible approach to understanding the behavior of IoT malware for mitigation and prevention. However, current analytic approaches based on opcodes or call graphs typically do not work well with diversity in central processing unit (CPU) architectures and are often resource intensive. In this paper, we propose an efficient method for leveraging machine learning methods to detect and classify IoT malware programs. We show that reliable and efficient detection and classification can be achieved by exploring the essential discriminating information stored in the byte sequences at the entry points of executable programs. We demonstrate the performance of the proposed method using a large-scale dataset consisting of 111K benignware and 111K malware programs from seven CPU architectures. The proposed method achieves near optimal generalization performance for malware detection (99.96 accuracy) and for malware family classification (98.47 accuracy). Moreover, when CPU architecture information is considered in learning, the proposed method combined with support vector machine classifiers can yield even higher generalization performance using fewer bytes from the executable files. The findings in this paper are promising for implementing light-weight malware protection on IoT devices with limited resources.

Farhan Ullah,Hamad Naeem,Sohail Jabbar,Shehzad Khalid,Muhammad Ahsan Latif,Fadi Al-turjman,Leonardo Mostarda

DOI: https://doi.org/10.1109/access.2019.2937347

IF: 3.9

2019-01-01

IEEE Access

Abstract:The IoT (Internet of Things) connect systems, applications, data storage, and services that may be a new gateway for cyber-attacks as they continuously offer services in the organization. Currently, software piracy and malware attacks are high risks to compromise the security of IoT. These threats may steal important information that causes economic and reputational damages. In this paper, we have proposed a combined deep learning approach to detect the pirated software and malware-infected files across the IoT network. The TensorFlow deep neural network is proposed to identify pirated software using source code plagiarism. The tokenization and weighting feature methods are used to filter the noisy data and further, to zoom the importance of each token in terms of source code plagiarism. Then, the deep learning approach is used to detect source code plagiarism. The dataset is collected from Google Code Jam (GCJ) to investigate software piracy. Apart from this, the deep convolutional neural network is used to detect malicious infections in IoT network through color image visualization. The malware samples are obtained from Maling dataset for experimentation. The experimental results indicate that the classification performance of the proposed solution to measure the cybersecurity threats in IoT are better than the state of the art methods.

Robert Shire,Stavros Shiaeles,Keltoum Bendiab,Bogdan Ghita,Nicholas Kolokotronis

DOI: https://doi.org/10.1007/978-3-030-30859-9_6

2021-09-08

Abstract:Internet of Things devices have seen a rapid growth and popularity in recent years with many more ordinary devices gaining network capability and becoming part of the ever growing IoT network. With this exponential growth and the limitation of resources, it is becoming increasingly harder to protect against security threats such as malware due to its evolving faster than the defence mechanisms can handle with. The traditional security systems are not able to detect unknown malware as they use signature-based methods. In this paper, we aim to address this issue by introducing a novel IoT malware traffic analysis approach using neural network and binary visualisation. The prime motivation of the proposed approach is to faster detect and classify new malware (zero-day malware). The experiment results show that our method can satisfy the accuracy requirement of practical application.

Cryptography and Security,Artificial Intelligence

Shtwai Alsubai,Ashit Kumar Dutta,Abdullah M Alnajim,Abdul Rahaman Wahab Sait,Rashid Ayub,Afnan Mushabbab AlShehri,Naved Ahmad

DOI: https://doi.org/10.7717/peerj-cs.1366

2023-05-29

Abstract:The Internet of Things (IoT) environment demands a malware detection (MD) framework for protecting sensitive data from unauthorized access. The study intends to develop an image-based MD framework. The authors apply image conversion and enhancement techniques to convert malware binaries into RGB images. You only look once (Yolo V7) is employed for extracting the key features from the malware images. Harris Hawks optimization is used to optimize the DenseNet161 model to classify images into malware and benign. IoT malware and Virusshare datasets are utilized to evaluate the proposed framework's performance. The outcome reveals that the proposed framework outperforms the current MD framework. The framework generates the outcome at an accuracy and F1-score of 98.65 and 98.5 and 97.3 and 96.63 for IoT malware and Virusshare datasets, respectively. In addition, it achieves an area under the receiver operating characteristics and the precision-recall curve of 0.98 and 0.85 and 0.97 and 0.84 for IoT malware and Virusshare datasets, accordingly. The study's outcome reveals that the proposed framework can be deployed in the IoT environment to protect the resources.

Sharjeel Riaz,Shahzad Latif,Syed Muhammad Usman,Syed Sajid Ullah,Abeer D Algarni,Amanullah Yasin,Aamir Anwar,Hela Elmannai,Saddam Hussain

DOI: https://doi.org/10.3390/s22239305

2022-11-29

Abstract:Internet of Things (IoT) devices usage is increasing exponentially with the spread of the internet. With the increasing capacity of data on IoT devices, these devices are becoming venerable to malware attacks; therefore, malware detection becomes an important issue in IoT devices. An effective, reliable, and time-efficient mechanism is required for the identification of sophisticated malware. Researchers have proposed multiple methods for malware detection in recent years, however, accurate detection remains a challenge. We propose a deep learning-based ensemble classification method for the detection of malware in IoT devices. It uses a three steps approach; in the first step, data is preprocessed using scaling, normalization, and de-noising, whereas in the second step, features are selected and one hot encoding is applied followed by the ensemble classifier based on CNN and LSTM outputs for detection of malware. We have compared results with the state-of-the-art methods and our proposed method outperforms the existing methods on standard datasets with an average accuracy of 99.5%.

Rami Darwish,Mahmoud Abdelsalam,Sajad Khorsandroo

2024-10-15

Abstract:The Internet of Things (IoT) is one of the fastest-growing computing industries. By the end of 2027, more than 29 billion devices are expected to be connected. These smart devices can communicate with each other with and without human intervention. This rapid growth has led to the emergence of new types of malware. However, traditional malware detection methods, such as signature-based and heuristic-based techniques, are becoming increasingly ineffective against these new types of malware. Therefore, it has become indispensable to find practical solutions for detecting IoT malware. Machine Learning (ML) and Deep Learning (DL) approaches have proven effective in dealing with these new IoT malware variants, exhibiting high detection rates. In this paper, we bridge the gap in research between the IoT malware analysis and the wide adoption of deep learning in tackling the problems in this domain. As such, we provide a comprehensive review on deep learning based malware analysis across various categories of the IoT domain (i.e. Extended Internet of Things (XIoT)), including Industrial IoT (IIoT), Internet of Medical Things (IoMT), Internet of Vehicles (IoV), and Internet of Battlefield Things (IoBT).

Cryptography and Security,Artificial Intelligence

Abdulwahab Ali Almazroi,Nasir Ayub

DOI: https://doi.org/10.3390/systems11110547

2023-11-11

Systems

Abstract:The Internet of Things (IoT) constitutes the foundation of a deeply interconnected society in which objects communicate through the Internet. This innovation, coupled with 5G and artificial intelligence (AI), finds application in diverse sectors like smart cities and advanced manufacturing. With increasing IoT adoption comes heightened vulnerabilities, prompting research into identifying IoT malware. While existing models excel at spotting known malicious code, detecting new and modified malware presents challenges. This paper presents a novel six-step framework. It begins with eight malware attack datasets as input, followed by insights from Exploratory Data Analysis (EDA). Feature engineering includes scaling, One-Hot Encoding, target variable analysis, feature importance using MDI and XGBoost, and clustering with K-Means and PCA. Our GhostNet ensemble, combined with the Gated Recurrent Unit Ensembler (GNGRUE), is trained on these datasets and fine-tuned using the Jaya Algorithm (JA) to identify and categorize malware. The tuned GNGRUE-JA is tested on malware datasets. A comprehensive comparison with existing models encompasses performance, evaluation criteria, time complexity, and statistical analysis. Our proposed model demonstrates superior performance through extensive simulations, outperforming existing methods by around 15% across metrics like AUC, accuracy, recall, and hamming loss, with a 10% reduction in time complexity. These results emphasize the significance of our study’s outcomes, particularly in achieving cost-effective solutions for detecting eight malware strains.

Emanuele Cozzi,Mariano Graziano,Yanick Fratantonio,Davide Balzarotti

DOI: https://doi.org/10.1109/sp.2018.00054

2018-05-01

Abstract:For the past two decades, the security community has been fighting malicious programs for Windows-based operating systems. However, the recent surge in adoption of embedded devices and the IoT revolution are rapidly changing the malware landscape. Embedded devices are profoundly different than traditional personal computers. In fact, while personal computers run predominantly on x86-flavored architectures, embedded systems rely on a variety of different architectures. In turn, this aspect causes a large number of these systems to run some variants of the Linux operating system, pushing malicious actors to give birth to “Linux malware.” To the best of our knowledge, there is currently no comprehensive study attempting to characterize, analyze, and understand Linux malware. The majority of resources on the topic are available as sparse reports often published as blog posts, while the few systematic studies focused on the analysis of specific families of malware (e.g., the Mirai botnet) mainly by looking at their network-level behavior, thus leaving the main challenges of analyzing Linux malware unaddressed. This work constitutes the first step towards filling this gap. After a systematic exploration of the challenges involved in the process, we present the design and implementation details of the first malware analysis pipeline specifically tailored for Linux malware. We then present the results of the first large-scale measurement study conducted on 10,548 malware samples (collected over a time frame of one year) documenting detailed statistics and insights that can help directing future work in the area.

Jayanthi Ramamoorthy,Khushi Gupta,Narasimha K. Shashidhar,Cihan Varol

DOI: https://doi.org/10.3390/electronics13122381

IF: 2.9

2024-06-19

Electronics

Abstract:Binary function analysis is fundamental in understanding the behavior and genealogy of malware. The detection, classification, and analysis of Linux IoT malware and its variants present significant challenges due to the wide range of architectures supported by the Linux IoT platform. This study concentrates on static analysis using binary lifting techniques to extract and analyze Intermediate Representation (IR) opcode sequences. We introduce a set of statistical entropy-based features derived from these IR opcode sequences, establishing a practical and straightforward methodology for machine learning classification models. By exclusively analyzing function metadata and opcode entropy, our architecture-agnostic approach not only efficiently detects malware but also classifies its variants with a high degree of accuracy, achieving an F1 score of 97%. The proposed approach offers a robust alternative for enhancing malware detection and variant identification frameworks for IoT devices.

engineering, electrical & electronic,computer science, information systems,physics, applied

Gao-Yu Lin,Po-Yuan Wang,Shin-Ming Cheng,Hahn-Ming Lee

DOI: https://doi.org/10.1145/3689427

2024-09-27

ACM Transactions on Embedded Computing Systems

Abstract:The rapid expansion of the Internet of Things (IoT) has significantly increased the prevalence of malware targeting IoT devices. Although machine learning models offer promising solutions for automatic malware detection, they are increasingly vulnerable to adversarial attacks. These attacks exploit the model’s feedback loop to iteratively refine malware, producing adversarial samples that evade detection. As such, enhancing the robustness of these models is of paramount importance. Our research introduces a novel approach to bolster malware detection by retaining additional semantic information within the execution order analysis of malware programs. The method significantly improves the resilience of detection models against adversarial samples and implements two adversarial attack methods to rigorously test our model’s robustness by generating authentic adversarial examples for validation. We highlight the critical impact of preserving semantic integrity in malware detection and present a solution to counteract the growing threat of adversarial attacks in IoT environments.

computer science, software engineering, hardware & architecture

Abdulwahab Ali Almazroi,Nasir Ayub

DOI: https://doi.org/10.1038/s41598-024-57864-8

IF: 4.6

2024-04-04

Scientific Reports

Abstract:The rapid expansion of AI-enabled Internet of Things (IoT) devices presents significant security challenges, impacting both privacy and organizational resources. The dynamic increase in big data generated by IoT devices poses a persistent problem, particularly in making decisions based on the continuously growing data. To address this challenge in a dynamic environment, this study introduces a specialized BERT-based Feed Forward Neural Network Framework (BEFNet) designed for IoT scenarios. In this evaluation, a novel framework with distinct modules is employed for a thorough analysis of 8 datasets, each representing a different type of malware. BEFSONet is optimized using the Spotted Hyena Optimizer (SO), highlighting its adaptability to diverse shapes of malware data. Thorough exploratory analyses and comparative evaluations underscore BEFSONet's exceptional performance metrics, achieving 97.99% accuracy, 97.96 Matthews Correlation Coefficient, 97% F1-Score, 98.37% Area under the ROC Curve(AUC-ROC), and 95.89 Cohen's Kappa. This research positions BEFSONet as a robust defense mechanism in the era of IoT security, offering an effective solution to evolving challenges in dynamic decision-making environments.

multidisciplinary sciences

Marwan Omar

DOI: https://doi.org/10.48550/arXiv.2301.12039

2023-01-28

Abstract:Due to its simple installation and connectivity, the Internet of Things (IoT) is susceptible to malware attacks. Being able to operate autonomously. As IoT devices have become more prevalent, they have become the most tempting targets for malware. Weak, guessable, or hard-coded passwords, and a lack of security measures contribute to these vulnerabilities along with insecure network connections and outdated update procedures. To understand IoT malware, current methods and analysis ,using static methods, are ineffective. The field of deep learning has made great strides in recent years due to their tremendous data mining, learning, and expression capabilities, cybersecurity has enjoyed tremendous growth in recent years. As a result, malware analysts will not have to spend as much time analyzing malware. In this paper, we propose a novel detection and analysis method that harnesses the power and simplicity of decision trees. The experiments are conducted using a real word dataset, MaleVis which is a publicly available dataset. Based on the results, we show that our proposed approach outperforms existing state-of-the-art solutions in that it achieves 97.23% precision and 95.89% recall in terms of detection and classification. A specificity of 96.58%, F1-score of 96.40%, an accuracy of 96.43.

Cryptography and Security,Machine Learning