Xiaoheng Deng,Xinjun Pei,Shengwei Tian,Lan Zhang

DOI: https://doi.org/10.1109/tii.2022.3216818

IF: 12.3

2022-01-01

IEEE Transactions on Industrial Informatics

Abstract:The advent of 5G brought new opportunities to leapfrog beyond current industrial Internet of Things (IoT). However, the ever growing IoT has also attracted adversaries to develop new malware attacks against various IoT applications. Although deep learning-based methods are expected to combat the sophisticated malwares by exploring the latent attack patterns, such detection can be hardly supported by battery-powered end devices, like Andriod-based smartphones. Edge computing enables near-real-time analysis of IoT data by migrating AI-enabled computation-intensive tasks from resource-constrained IoT devices to nearby edge servers, However, due to varying channel conditions and the demanding latency requirements of malware detection, it is challenging to coordinate the computing task offloading among multiple users. By leveraging the computation capacity and the proximity benefits of edge computing, we propose a hierarchical security framework for IoT malware detection. Considering the complexity of AI-enabled malware detection task, we provide a delay-aware computational offloading strategy with minimum delay. Specifically, we construct a coordinated representation learning model, named by Two Stream Attention-Caps (TSA-Caps) to capture the latent behavioral patterns of evolving malware attacks. Experimental results show that our system consistently outperforms the state-of-the-art systems in detection performance on four benchmark datasets.

automation & control systems,computer science, interdisciplinary applications,engineering, industrial

Xiaoheng Deng,Haowen Tang,Xinjun Pei,Deng Li,Kaiping Xue

DOI: https://doi.org/10.1109/tifs.2023.3318947

IF: 7.231

2023-01-01

IEEE Transactions on Information Forensics and Security

Abstract:With the coming of the Internet of Things (IoT) era, malware attacks targeting IoT networks have posed serious threats to users. Recently, the emerging of edge computing have paved the way for new data processing paradigms in IoT networks, but it is still a challenge for deploying malware detection systems on the IoT devices. This paper develops an IoT malware detection system based on trust hybrid user-edge evaluation, namely MDHE. This system decomposes a large and complex deep learning model into two parts, which are deployed on edge servers and end devices, respectively. Specifically, a trust evaluation mechanism is used to select the trusted devices to participate the model training. Moreover, we develop a private feature generation that leverages a graph mining technology to extract the subgraph features, which then are perturbed by leveraging the differential privacy technology to prevent user privacy from leaking. Finally, we reconstruct the perturbed features on edge server, and propose a Capsule Network (CapsNet) to identify malware. Experimental results show that MDHE can effectively detect malware. Specifically, it can reduce sensitive inference while maintaining the utility of data.

computer science, theory & methods,engineering, electrical & electronic

Feng Pi,Shengwei Tian,Xinjun Pei,Peng Chen,Xin Wang,Xiaowei Wang

DOI: https://doi.org/10.3233/jifs-233556

2023-10-04

Journal of Intelligent & Fuzzy Systems

Abstract:With the development of the Internet of Things (IoT), mobile devices are playing an increasingly important role in our daily lives. There are various malware threats present in these mobile devices, which can steal users' personal information. Some malware exploits Inter-Component Communication (ICC) to execute malicious activities for unauthorized data access and system control, enabling communication between different components within an app and between different apps. In this paper, we propose an Adaptive Transformer-based malware framework (named AdaTrans) that combines sensitive Application Programming Interface (API)- and ICC-related features. The framework first extracts sensitive function call subgraphs (SFCS) to reflect the caller-callee relationships, and then utilizes ICC interactions to reveal hidden communication patterns in malicious activities. Moreover, we propose a novel adaptive Transformer model to detect malicious behaviors. We evaluate our framework on real-world datasets and demonstrate that AdaTrans consistently outperforms other existing state-of-the-art systems.

Ethan Weitkamp,Yusuke Satani,Adam Omundsen,Jingwen Wang,Peilong Li

2023-04-03

Abstract:The machine learning approach is vital in Internet of Things (IoT) malware traffic detection due to its ability to keep pace with the ever-evolving nature of malware. Machine learning algorithms can quickly and accurately analyze the vast amount of data produced by IoT devices, allowing for the real-time identification of malicious network traffic. The system can handle the exponential growth of IoT devices thanks to the usage of distributed systems like Apache Kafka and Apache Spark, and Intel's oneAPI software stack accelerates model inference speed, making it a useful tool for real-time malware traffic detection. These technologies work together to create a system that can give scalable performance and high accuracy, making it a crucial tool for defending against cyber threats in smart communities and medical institutions.

Cryptography and Security,Distributed, Parallel, and Cluster Computing,Machine Learning

Yantian Luo,Xu Chen,Ning Ge,Wei Feng,Jianhua Lu

DOI: https://doi.org/10.1109/ICC45855.2022.9838882

2022-01-01

Abstract:Due to the heterogeneity of Internet of Things (IoT) devices and the diversity of IoT communication protocols, it is challenging to defend against malicious traffic from IoT devices. In this paper, a novel malicious traffic detection method is proposed based on the deep learning method. Specifically, a Transformer-based encoder is designed to automatically select key features of IoT traffic for the detection task, which avoids the cumbersome feature screening process that has been widely used in traditional machine learning methods. To address the complexity of the feature space and improve the efficiency of model training, we exploit the correlation between the characteristics of malicious traffic and the device type of IoT bots to further improve the detection accuracy by introducing a device classification auxiliary loss in the training phase. Experimental results show that our method outperforms the state-of-the-art machine learning-based methods in terms of accuracy, precision, recall and f1-score on real IoT traffic traces. In addition, the benefit of device type information on detection efficiency is verified.

Sreenitha Kasarapu,Sanket Shukla,Sai Manoj Pudukotai Dinakarrao

2024-04-13

Abstract:In recent years, networked IoT systems have revolutionized connectivity, portability, and functionality, offering a myriad of advantages. However, these systems are increasingly targeted by adversaries due to inherent security vulnerabilities and limited computational and storage resources. Malicious applications, commonly known as malware, pose a significant threat to IoT devices and networks. While numerous malware detection techniques have been proposed, existing approaches often overlook the resource constraints inherent in IoT environments, assuming abundant resources for detection tasks. This oversight is compounded by ongoing workloads such as sensing and on-device computations, further diminishing available resources for malware detection. To address these challenges, we present a novel resource- and workload-aware malware detection framework integrated with distributed computing for IoT networks. Our approach begins by analyzing available resources for malware detection using a lightweight regression model. Depending on resource availability, ongoing workload executions, and communication costs, the malware detection task is dynamically allocated either on-device or offloaded to neighboring IoT nodes with sufficient resources. To safeguard data integrity and user privacy, rather than transferring the entire malware detection task, the classifier is partitioned and distributed across multiple nodes, and subsequently integrated at the parent node for comprehensive malware detection. Experimental analysis demonstrates the efficacy of our proposed technique, achieving a remarkable speed-up of 9.8x compared to on-device inference, while maintaining a high malware detection accuracy of 96.7%.

Cryptography and Security,Distributed, Parallel, and Cluster Computing

Yantian Luo,Xu Chen,Hancun Sun,Xiangling Li,Ning Ge,Wei Feng,Jianhua Lu

DOI: https://doi.org/10.1109/ojcoms.2024.3365976

2024-01-01

IEEE Open Journal of the Communications Society

Abstract:Malicious traffic has posed a significant threat to current 5G networks. In the upcoming 6G era, with the rapid development of the Internet of Things (IoT), defending against malicious traffic has become even more challenging due to the diverse nature and widespread distribution of IoT devices. This paper presents a new distributed framework for detecting malicious traffic on the access side of the IoT. This framework shifts the line of defense forward, and could alleviate the resource-bottleneck problem of traditional detectors that are usually deployed at the victim side. In particular, we devise a transformer-based neural network, which is tailored for distributed malicious traffic detection at multiple detection points. Additionally, we develop a personalized federated learning-based collaborative algorithm to enable horizontal collaboration among multiple detection points by sharing neural network parameters. Different from the traditional federated learning framework which trains a high-precision global model, our proposed framework fully considers the differences in the distribution of IoT traffic at the entrance, and uses local traffic data to train personalized models with better local detection performance on the basis of the global model. The experimental results demonstrate that our approach achieves an average detection accuracy of 99.2% and an F1-score of 99.2% for all detection points using the N-BaIoT dataset. In comparison to methods lacking collaboration, our approach exhibits significant improvements in terms of accuracy, precision, recall, and F1-score. Moreover, our detection performance is comparable to that of centralized learning frameworks, despite sharing only the model parameters.

Peifeng Liang,Lina Yang,Zenggang Xiong,Xuemin Zhang,Gang Liu

DOI: https://doi.org/10.1109/jiot.2024.3369034

IF: 10.6

2024-01-01

IEEE Internet of Things Journal

Abstract:The Internet of Things (IoT) technology and systems have penetrated every aspect of our lives and generated enormous economic benefits. At the same time, research on the data security of IoT systems has been one of the key topics in IoT fields. Network attacks and intrusions have become the main threats to the data security of the IoTs, which have become the main obstacles to the development and application of the IoTs. In this article, we propose an intrusions and attack detection model to ensure the data security of IoT systems by using the Transformer model and multiwavelets learning. Based on the architecture of IoT systems, we first proposed a multi-level intrusion detection model to detect attack data in the cloud layer and edge terminal layer. In this detection model, a Transformer model and discrete wavelet transform (DWT) based approach is proposed to ensure the effectiveness and accuracy of the model. To extract and make full use of frequency information of traffic data in an IoT network, we embed DWT technique and multiwavelets learning into the Transformer model to propose a novel DWT-based Transformer architecture, which achieves outstanding performance in detecting intrusion actions. Simulating on IoT system in laboratory environment, the proposed security prediction model achieves pretty good performance in predicting intrusion actions.

computer science, information systems,telecommunications,engineering, electrical & electronic

MUHAMMAD MUMTAZ ALI,WANG ZHENFEI,HOU WEIYAN,ZEESHAN SHAUKAT,AYESHA SHABBIR,AQSA RASHEED,FAIQA MAQSOOD,QASIM ZIA,HAMEED UR REHMAN

DOI: https://doi.org/10.21203/rs.3.rs-2145279/v1

2022-01-01

Abstract:Abstract Internet of Things (IoT) devices are used to sense, gather, transmit and control data. IoT improves user experiences by connecting and sharing information across smart devices. Malware attacks easily target IoT-connected consoles to get control or damage privacy. Effective IoT device protection might rescue millions of internet users from malware. Malware detection methods are computationally expensive and complex. Many different machine learning models were used to deduct malware or viruses. As innovation advances, threat intelligence and malware researchers struggle. Traditional security measures like firewalls and Intrusion Detection Systems (IDS) must be changed to work with the current IoT models. Also, the Internet of Things and Cloud/Fog Computing go well together. They are often used interchangeably when talking about technical services and work together to make IoT services more complete. This study suggests deep learning-based approaches for detecting IoT malware in order to prevent harm to IoT devices. The proposed algorithms AlexNet, ResNet-18, and Convolution Neural Network (CNN) are applied to the well-known public dataset "Mal_Img". The experimental findings show that the accuracy of the suggested method is superior to that of earlier state-of-the-art and deep learning methods. The highest attained accuracies for proposed methods proposed algorithms AlexNet, ResNet-18, and Convolution Neural Network are 97.74%, 88.74%, and 98.02%. Our framework has currently been demonstrated to be a useful research tool for the BitDefender AntiMalware Research Labs' computer security specialists. In the future, more advanced malware (polymorphic and metamorphic) can be detected using the same models.

Xinjun Pei,Xiaoheng Deng,Shengwei Tian,Lan Zhang,Kaiping Xue

DOI: https://doi.org/10.1109/tdsc.2022.3173664

2022-01-01

IEEE Transactions on Dependable and Secure Computing

Abstract:As the demand for Internet of Things (IoT) technologies continues to grow, IoT devices have been viable targets for malware infections. Although deep learning-based malware detection has achieved great success, the detection models are usually trained based on the collected user records, thereby leading to significant privacy risks. One promising solution is to leverage federated learning (FL) to enable distributed on-device training without centralizing the private user records. However, it is non-trivial for IoT users to label these records, where the quality and the trustworthiness of data labeling are hard to guarantee. To address the above issues, this paper develops a semi-supervised federated IoT malware detection framework based on knowledge transfer technologies, named by FedMalDE. Specifically, FedMalDE explores the underlying correlation between labeled and unlabeled records to infer labels towards unlabeled samples by the knowledge transfer mechanism. Moreover, a specially designed subgraph aggregated capsule network (SACN) is used to efficiently capture varied malicious behaviors. The extensive experiments conducted on real-world data demonstrate the effectiveness of FedMalDE in detecting IoT malware and its sufficient privacy and robustness guarantee.

Sreenitha Kasarapu,Sanket Shukla,Sai Manoj Pudukotai Dinakarrao

2024-04-13

Abstract:The widespread integration of IoT devices has greatly improved connectivity and computational capabilities, facilitating seamless communication across networks. Despite their global deployment, IoT devices are frequently targeted for security breaches due to inherent vulnerabilities. Among these threats, malware poses a significant risk to IoT devices. The lack of built-in security features and limited resources present challenges for implementing effective malware detection techniques on IoT devices. Moreover, existing methods assume access to all device resources for malware detection, which is often not feasible for IoT devices deployed in critical real-world scenarios. To overcome this challenge, this study introduces a novel approach to malware detection tailored for IoT devices, leveraging resource and workload awareness inspired by model parallelism. Initially, the device assesses available resources for malware detection using a lightweight regression model. Based on resource availability, ongoing workload, and communication costs, the malware detection task is dynamically allocated either on-device or offloaded to neighboring IoT nodes with sufficient resources. To uphold data integrity and user privacy, instead of transferring the entire malware detection task, the classifier is divided and distributed across multiple nodes, then integrated at the parent node for detection. Experimental results demonstrate that this proposed technique achieves a significant speedup of 9.8 x compared to on-device inference, while maintaining a high malware detection accuracy of 96.7%.

Cryptography and Security,Distributed, Parallel, and Cluster Computing

Kyle Stein,Arash Mahyari,Guillermo Francia III,Eman El-Sheikh

2024-03-27

Abstract:As malicious cyber threats become more sophisticated in breaching computer networks, the need for effective intrusion detection systems (IDSs) becomes crucial. Techniques such as Deep Packet Inspection (DPI) have been introduced to allow IDSs analyze the content of network packets, providing more context for identifying potential threats. IDSs traditionally rely on using anomaly-based and signature-based detection techniques to detect unrecognized and suspicious activity. Deep learning techniques have shown great potential in DPI for IDSs due to their efficiency in learning intricate patterns from the packet content being transmitted through the network. In this paper, we propose a revolutionary DPI algorithm based on transformers adapted for the purpose of detecting malicious traffic with a classifier head. Transformers learn the complex content of sequence data and generalize them well to similar scenarios thanks to their self-attention mechanism. Our proposed method uses the raw payload bytes that represent the packet contents and is deployed as man-in-the-middle. The payload bytes are used to detect malicious packets and classify their types. Experimental results on the UNSW-NB15 and CIC-IOT23 datasets demonstrate that our transformer-based model is effective in distinguishing malicious from benign traffic in the test dataset, attaining an average accuracy of 79\% using binary classification and 72\% on the multi-classification experiment, both using solely payload bytes.

Cryptography and Security,Artificial Intelligence,Machine Learning

Abdulwahab Ali Almazroi,Nasir Ayub

DOI: https://doi.org/10.1038/s41598-024-57864-8

IF: 4.6

2024-04-04

Scientific Reports

Abstract:The rapid expansion of AI-enabled Internet of Things (IoT) devices presents significant security challenges, impacting both privacy and organizational resources. The dynamic increase in big data generated by IoT devices poses a persistent problem, particularly in making decisions based on the continuously growing data. To address this challenge in a dynamic environment, this study introduces a specialized BERT-based Feed Forward Neural Network Framework (BEFNet) designed for IoT scenarios. In this evaluation, a novel framework with distinct modules is employed for a thorough analysis of 8 datasets, each representing a different type of malware. BEFSONet is optimized using the Spotted Hyena Optimizer (SO), highlighting its adaptability to diverse shapes of malware data. Thorough exploratory analyses and comparative evaluations underscore BEFSONet's exceptional performance metrics, achieving 97.99% accuracy, 97.96 Matthews Correlation Coefficient, 97% F1-Score, 98.37% Area under the ROC Curve(AUC-ROC), and 95.89 Cohen's Kappa. This research positions BEFSONet as a robust defense mechanism in the era of IoT security, offering an effective solution to evolving challenges in dynamic decision-making environments.

multidisciplinary sciences

Faiza Habib,Syed Hamad Shirazi,Khursheed Aurangzeb,Asfandyar Khan,Bharat Bhushan,Musaed Alhussein

DOI: https://doi.org/10.1109/access.2024.3383831

IF: 3.9

2024-04-09

IEEE Access

Abstract:Today Internet of Things (IoT) has become a key part of the modern world as it enables web-based IoT devices to collect, transfer, and analyze the data of individuals, companies, and industries. IoT provides numerous services and applications via a massive number of interconnected devices and has become an innovative attack vector for cyber-attacks and threats such as malware attacks that are currently regarded as serious dangers to the security of IoT devices and systems. Such threats are sufficient to infiltrate individual private information that inflicts harm to both the financial standing and reputation in an organization. In literature, researchers have used multiple machine learning and deep learning models to tackle this security threat, however, still accurate classification and detection of metamorphic malware in IoT devices remains a challenge. In this article, we used a deep learning model to accurately detect metamorphic malware in IoT devices. We have employed six models including (VGG16, InceptionV3, CNN, ResNet50, MobileNet, and Efficient NetB0 on Malimg publicly available malware image dataset. The Internet of Things (IoT) would benefit from having a method that could identify metamorphic malware. It isn't possible to rely on detection techniques that are fixed or signature-based. Throughout this research, a straightforward technique for carrying out dynamic analysis to comprehend the behavior of code is suggested. To determine if executable are malicious, it is necessary to first measure the behavior of executable and then utilize this information to make that determination. Additionally, the purpose of this study is to create a classifier that makes utilization of deep learning techniques to analyze complicated behavior reports. The obtained results depict that the proposed model achieves a promising accuracy of 99% and F1-score of 97% employed on the standard Malimg dataset as compared to other existing machine and deep learning models.

computer science, information systems,telecommunications,engineering, electrical & electronic

Xiaoheng Deng,Bin Chen,Xuechen Chen,Xinjun Pei,Shaohua Wan,Sotirios K. Goudos

DOI: https://doi.org/10.1109/tii.2023.3245681

IF: 12.3

2023-01-01

IEEE Transactions on Industrial Informatics

Abstract:The Internet of Things (IoT) mainly consists of a large number of Internet-connected devices. The proliferation of untrusted third-party IoT applications has led to an increase in IoT-based malware attacks. In addition, it is infeasible for the IoT devices to support the sophisticated detection systems due to the restricted resources. Edge computing is considered to be promising. It provides solutions to the data security and privacy leakage brought by untrusted third-party IoT applications. In this article, an intelligent trusted and secure edge computing (ITEC) system is proposed for IoT malware detection. In this system, a signature-based preidentification mechanism is built for matching and identifying the malicious behaviors of untrusted third-party IoT applications. A delay strategy is then embedded into the risk detection engine in order to “buy time” for threat analysis and rate-limit the impact of suspicious third-party IoT applications in the system. We conduct extensive experiments to verify the effectiveness of the ITEC system and show that we can achieve accuracies of up to 98.52%.

automation & control systems,computer science, interdisciplinary applications,engineering, industrial

Abdulwahab Ali Almazroi,Nasir Ayub

DOI: https://doi.org/10.3390/systems11110547

2023-11-11

Systems

Abstract:The Internet of Things (IoT) constitutes the foundation of a deeply interconnected society in which objects communicate through the Internet. This innovation, coupled with 5G and artificial intelligence (AI), finds application in diverse sectors like smart cities and advanced manufacturing. With increasing IoT adoption comes heightened vulnerabilities, prompting research into identifying IoT malware. While existing models excel at spotting known malicious code, detecting new and modified malware presents challenges. This paper presents a novel six-step framework. It begins with eight malware attack datasets as input, followed by insights from Exploratory Data Analysis (EDA). Feature engineering includes scaling, One-Hot Encoding, target variable analysis, feature importance using MDI and XGBoost, and clustering with K-Means and PCA. Our GhostNet ensemble, combined with the Gated Recurrent Unit Ensembler (GNGRUE), is trained on these datasets and fine-tuned using the Jaya Algorithm (JA) to identify and categorize malware. The tuned GNGRUE-JA is tested on malware datasets. A comprehensive comparison with existing models encompasses performance, evaluation criteria, time complexity, and statistical analysis. Our proposed model demonstrates superior performance through extensive simulations, outperforming existing methods by around 15% across metrics like AUC, accuracy, recall, and hamming loss, with a 10% reduction in time complexity. These results emphasize the significance of our study’s outcomes, particularly in achieving cost-effective solutions for detecting eight malware strains.

Xiaoheng Deng,Bin Chen,Xuechen Chen,Xinjun Pei,Shaohua Wan,Sotirios K. Goudos

DOI: https://doi.org/10.1109/tii.2023.3245681

IF: 12.3

2023-01-01

IEEE Transactions on Industrial Informatics

Abstract:The Internet of Things (IoT) mainly consists of a large number of Internet-connected devices. The proliferation of untrusted third-party IoT applications has led to an increase in IoT-based malware attacks. In addition, it is infeasible for the IoT devices to support the sophisticated detection systems due to the restricted resources. Edge computing is considered to be promising. It provides solutions to the data security and privacy leakage brought by untrusted third-party IoT applications. In this article, an intelligent trusted and secure edge computing (ITEC) system is proposed for IoT malware detection. In this system, a signature-based preidentification mechanism is built for matching and identifying the malicious behaviors of untrusted third-party IoT applications. A delay strategy is then embedded into the risk detection engine in order to “buy time” for threat analysis and rate-limit the impact of suspicious third-party IoT applications in the system. We conduct extensive experiments to verify the effectiveness of the ITEC system and show that we can achieve accuracies of up to 98.52%.

Shtwai Alsubai,Ashit Kumar Dutta,Abdullah M Alnajim,Abdul Rahaman Wahab Sait,Rashid Ayub,Afnan Mushabbab AlShehri,Naved Ahmad

DOI: https://doi.org/10.7717/peerj-cs.1366

2023-05-29

Abstract:The Internet of Things (IoT) environment demands a malware detection (MD) framework for protecting sensitive data from unauthorized access. The study intends to develop an image-based MD framework. The authors apply image conversion and enhancement techniques to convert malware binaries into RGB images. You only look once (Yolo V7) is employed for extracting the key features from the malware images. Harris Hawks optimization is used to optimize the DenseNet161 model to classify images into malware and benign. IoT malware and Virusshare datasets are utilized to evaluate the proposed framework's performance. The outcome reveals that the proposed framework outperforms the current MD framework. The framework generates the outcome at an accuracy and F1-score of 98.65 and 98.5 and 97.3 and 96.63 for IoT malware and Virusshare datasets, respectively. In addition, it achieves an area under the receiver operating characteristics and the precision-recall curve of 0.98 and 0.85 and 0.97 and 0.84 for IoT malware and Virusshare datasets, accordingly. The study's outcome reveals that the proposed framework can be deployed in the IoT environment to protect the resources.

Yawar Abbas Abid,Jinsong Wu,Muhammad Farhan,Tariq Ahmad

DOI: https://doi.org/10.1109/jiot.2023.3312152

IF: 10.6

2023-01-01

IEEE Internet of Things Journal

Abstract:With the proliferation of connected devices in the Internet of Things (IoT), cybersecurity threats have increased. Identifying malicious attacks in IoT requires advanced techniques tailored to this ecosystem. Existing algorithms have limited effectiveness in detecting obfuscated IoT malware. This study proposes the Elucidating Cybersecurity-promulgated Malware Taxonomy (ECMT) framework, combining memory analysis and ensemble machine learning, to enhance IoT malware categorization. ECMT integrates Support Vector Classification, Quadratic Discriminant Analysis, and AdaBoost on forensic artifacts from memory dumps to improve detection across families like ransomware, spyware, and trojans. ECMT can enable intrusion prevention, information protection, and cybercrime deterrence in IoT environments. Experiments on a balanced dataset indicate AdaBoost achieved 96% accuracy, demonstrating ECMT’s capabilities against complex IoT threats. The integrated approach provides automated, adaptable detection scalable to large IoT deployments through efficient linear models and robust ensemble learning. ECMT addresses concept drift and interpretability via retraining and explanation techniques. Results highlight advanced memory analysis and optimized machine learning classifiers as a promising solution for robust IoT malware detection despite adversaries’ evolving tactics. Further research can extend platform support, harden models against attacks, and refine streaming input. ECMT establishes a foundation for IoT security by unifying memory forensics, optimized neural architectures, and tailored ensemble learning.

computer science, information systems,telecommunications,engineering, electrical & electronic

D. Santhadevi,B. Janet

DOI: https://doi.org/10.1007/s11227-023-05153-y

IF: 3.3

2023-03-17

The Journal of Supercomputing

Abstract:Cyber-attacks on Internet of Things (IoT) devices are becoming increasingly common due to the rapidly growing number of connected devices and the lack of security measures in many of these devices. Attackers can exploit these flaws using the internet and remote access. The Edge Service is a critical component of NetFlow-based malware detection systems, responsible for several key functions. Firstly, it receives raw network traffic data from the Edge Gateway installed at the network perimeter. Secondly, it processes the raw data to make it suitable for deep learning models by converting it into an appropriate format, normalizing it and extracting relevant features. The Edge Service also develops the deep learning network for malware detection and classification using Vectorized Convolutional Neural Networks (VCNN), multi Long Short-Term Memory (LSTM) models, and mayfly optimization techniques, and trains it on benchmark datasets (NBaIoT-balanced, UNSW-NB15 and UNSW_BOT_IoT-imbalanced) of benign and malicious network traffic to learn the patterns and characteristics of each type of traffic. Once the deep learning network is developed, the Edge Service uses it to detect and classify malware in real time by analyzing network traffic data to identify patterns and anomalies that may indicate the presence of malware. The Edge Service includes a Master Edge Node (MEN) responsible for all these functions. Edge Service plays a crucial role in detecting and preventing malware attacks by providing real-time protection and alerting potential threats.

computer science, theory & methods,engineering, electrical & electronic, hardware & architecture