Xiaoheng Deng,Zhe Wang,Xinjun Pei,Kaiping Xue

DOI: https://doi.org/10.1109/tnse.2023.3292855

IF: 6.6

2023-01-01

IEEE Transactions on Network Science and Engineering

Abstract:With the rapid development of the Internet of Things (IoT) and cloud applications, cloud service providers have rented out access to servers to IoT devices for computing and storage purposes, providing users with a variety of services and functionality. The prevalence of malware attacks against IoT devices has led to serious and critical concerns with respect to cyber security. In response to this growing threat, many IoT security providers are adopting cloud-based, centralized malware detection systems. However, this may cause back-and-forth communication, which violates the real-time requirement of malware detection. The ever-growing edge computing has resulted in the development of new and more efficient data processing. By exploiting the proximity benefits and the computation capacity of edge computing, we propose a hierarchical IoT malware detection framework (namely TransMalDE) to migrate user computation-intensive malware detection tasks to neighboring edge computing nodes, which improves the efficiency of malware detection. Moreover, considering the rigidity of the current network infrastructure and the complexity of AI-enabled malware detection tasks, we construct a Transformer-based detection model to capture the latent behavioral patterns of evolving malware attacks. Experimental results show that our TransMalDE consistently outperforms the existing state-of-the-art systems in malware detection on four benchmark datasets.

Lei Xue,Yajin Zhou,Ting Chen,Xiapu Luo,Guofei Gu

2017-01-01

Abstract:It's an essential step to understand malware's behaviors for developing effective solutions. Though a number of systems have been proposed to analyze Android malware, they have been limited by incomplete view of inspection on a single layer. What's worse, various new techniques (e.g., packing, anti-emulator, etc.) employed by the latest malware samples further make these systems ineffective. In this paper, we propose Malton, a novel on-device non-invasive analysis platform for the new Android runtime (i.e., the ART runtime). As a dynamic analysis tool, Malton runs on real mobile devices and provides a comprehensive view of malware's behaviors by conducting multi-layer monitoring and information flow tracking, as well as efficient path exploration. We have carefully evaluated Malton using real-world malware samples. The experimental results showed that Malton is more effective than existing tools, with the capability to analyze sophisticated malware samples and provide a comprehensive view of malicious behaviors of these samples

Peng Chen,Shengwei Tian,Xin Wang,Xinjun Pei,Weitao Nong,Hao Zhang

DOI: https://doi.org/10.1007/s10586-024-04530-3

2024-06-03

Cluster Computing

Abstract:With the development of science and technology, the number of smartphones has increased dramatically. This also exposes Android-based smartphones to an increasing number of malware attacks. Currently, feature extraction schemes based on sensitive API calls have become mainstream in malware detection. However, such an approach can only capture the behavior of malware when the API is called, but it cannot detect malicious behavior implemented through other means. In the real world, attackers often use the Inter-Component Communication (ICC) mechanism to hide and conceal their malicious intent. In this paper, we propose a novel malware detection framework (named ADACapsNet). This framework first employs an entropy-based approach to extract sensitive API features to reflect the behavior patterns of malware and then captures the information flow across components by monitoring the ICC interactions in the Android systems. We transform sensitive API calls and ICC features into vector representations that are used as inputs to the learning model. Moreover, we propose an adaptive capsule network to mine deep program semantics, which uses an adaptive factor to dynamically assign weights for features, enhancing the model's ability to focus on relevant features and capture complex spatial relationships. We conducted a number of experiments to demonstrate the effectiveness of the proposed ADACapsNet in detecting malware. Experimental results show that the proposed method is robust against malware attacks.

computer science, information systems, theory & methods

Liping Qian,Lin Cong

DOI: https://doi.org/10.3390/s24020580

IF: 3.9

2024-01-18

Sensors

Abstract:Malicious software (malware), in various forms and variants, continues to pose significant threats to user information security. Researchers have identified the effectiveness of utilizing API call sequences to identify malware. However, the evasion techniques employed by malware, such as obfuscation and complex API call sequences, challenge existing detection methods. This research addresses this issue by introducing CAFTrans, a novel transformer-based model for malware detection. We enhance the traditional transformer encoder with a one-dimensional channel attention module (1D-CAM) to improve the correlation between API call vector features, thereby enhancing feature embedding. A word frequency reinforcement module is also implemented to refine API features by preserving low-frequency API features. To capture subtle relationships between APIs and achieve more accurate identification of features for different types of malware, we leverage convolutional neural networks (CNNs) and long short-term memory (LSTM) networks. Experimental results demonstrate the effectiveness of CAFTrans, achieving state-of-the-art performance on the mal-api-2019 dataset with an F1 score of 0.65252 and an AUC of 0.8913. The findings suggest that CAFTrans improves accuracy in distinguishing between various types of malware and exhibits enhanced recognition capabilities for unknown samples and adversarial attacks.

engineering, electrical & electronic,chemistry, analytical,instruments & instrumentation

Yantian Luo,Xu Chen,Ning Ge,Wei Feng,Jianhua Lu

DOI: https://doi.org/10.1109/ICC45855.2022.9838882

2022-01-01

Abstract:Due to the heterogeneity of Internet of Things (IoT) devices and the diversity of IoT communication protocols, it is challenging to defend against malicious traffic from IoT devices. In this paper, a novel malicious traffic detection method is proposed based on the deep learning method. Specifically, a Transformer-based encoder is designed to automatically select key features of IoT traffic for the detection task, which avoids the cumbersome feature screening process that has been widely used in traditional machine learning methods. To address the complexity of the feature space and improve the efficiency of model training, we exploit the correlation between the characteristics of malicious traffic and the device type of IoT bots to further improve the detection accuracy by introducing a device classification auxiliary loss in the training phase. Experimental results show that our method outperforms the state-of-the-art machine learning-based methods in terms of accuracy, precision, recall and f1-score on real IoT traffic traces. In addition, the benefit of device type information on detection efficiency is verified.

Peifeng Liang,Lina Yang,Zenggang Xiong,Xuemin Zhang,Gang Liu

DOI: https://doi.org/10.1109/jiot.2024.3369034

IF: 10.6

2024-01-01

IEEE Internet of Things Journal

Abstract:The Internet of Things (IoT) technology and systems have penetrated every aspect of our lives and generated enormous economic benefits. At the same time, research on the data security of IoT systems has been one of the key topics in IoT fields. Network attacks and intrusions have become the main threats to the data security of the IoTs, which have become the main obstacles to the development and application of the IoTs. In this article, we propose an intrusions and attack detection model to ensure the data security of IoT systems by using the Transformer model and multiwavelets learning. Based on the architecture of IoT systems, we first proposed a multi-level intrusion detection model to detect attack data in the cloud layer and edge terminal layer. In this detection model, a Transformer model and discrete wavelet transform (DWT) based approach is proposed to ensure the effectiveness and accuracy of the model. To extract and make full use of frequency information of traffic data in an IoT network, we embed DWT technique and multiwavelets learning into the Transformer model to propose a novel DWT-based Transformer architecture, which achieves outstanding performance in detecting intrusion actions. Simulating on IoT system in laboratory environment, the proposed security prediction model achieves pretty good performance in predicting intrusion actions.

computer science, information systems,telecommunications,engineering, electrical & electronic

Kyle Stein,Arash Mahyari,Guillermo Francia III,Eman El-Sheikh

2024-03-27

Abstract:As malicious cyber threats become more sophisticated in breaching computer networks, the need for effective intrusion detection systems (IDSs) becomes crucial. Techniques such as Deep Packet Inspection (DPI) have been introduced to allow IDSs analyze the content of network packets, providing more context for identifying potential threats. IDSs traditionally rely on using anomaly-based and signature-based detection techniques to detect unrecognized and suspicious activity. Deep learning techniques have shown great potential in DPI for IDSs due to their efficiency in learning intricate patterns from the packet content being transmitted through the network. In this paper, we propose a revolutionary DPI algorithm based on transformers adapted for the purpose of detecting malicious traffic with a classifier head. Transformers learn the complex content of sequence data and generalize them well to similar scenarios thanks to their self-attention mechanism. Our proposed method uses the raw payload bytes that represent the packet contents and is deployed as man-in-the-middle. The payload bytes are used to detect malicious packets and classify their types. Experimental results on the UNSW-NB15 and CIC-IOT23 datasets demonstrate that our transformer-based model is effective in distinguishing malicious from benign traffic in the test dataset, attaining an average accuracy of 79\% using binary classification and 72\% on the multi-classification experiment, both using solely payload bytes.

Cryptography and Security,Artificial Intelligence,Machine Learning

Yantian Luo,Xu Chen,Hancun Sun,Xiangling Li,Ning Ge,Wei Feng,Jianhua Lu

DOI: https://doi.org/10.1109/ojcoms.2024.3365976

2024-01-01

IEEE Open Journal of the Communications Society

Abstract:Malicious traffic has posed a significant threat to current 5G networks. In the upcoming 6G era, with the rapid development of the Internet of Things (IoT), defending against malicious traffic has become even more challenging due to the diverse nature and widespread distribution of IoT devices. This paper presents a new distributed framework for detecting malicious traffic on the access side of the IoT. This framework shifts the line of defense forward, and could alleviate the resource-bottleneck problem of traditional detectors that are usually deployed at the victim side. In particular, we devise a transformer-based neural network, which is tailored for distributed malicious traffic detection at multiple detection points. Additionally, we develop a personalized federated learning-based collaborative algorithm to enable horizontal collaboration among multiple detection points by sharing neural network parameters. Different from the traditional federated learning framework which trains a high-precision global model, our proposed framework fully considers the differences in the distribution of IoT traffic at the entrance, and uses local traffic data to train personalized models with better local detection performance on the basis of the global model. The experimental results demonstrate that our approach achieves an average detection accuracy of 99.2% and an F1-score of 99.2% for all detection points using the N-BaIoT dataset. In comparison to methods lacking collaboration, our approach exhibits significant improvements in terms of accuracy, precision, recall, and F1-score. Moreover, our detection performance is comparable to that of centralized learning frameworks, despite sharing only the model parameters.

Ethan Weitkamp,Yusuke Satani,Adam Omundsen,Jingwen Wang,Peilong Li

2023-04-03

Abstract:The machine learning approach is vital in Internet of Things (IoT) malware traffic detection due to its ability to keep pace with the ever-evolving nature of malware. Machine learning algorithms can quickly and accurately analyze the vast amount of data produced by IoT devices, allowing for the real-time identification of malicious network traffic. The system can handle the exponential growth of IoT devices thanks to the usage of distributed systems like Apache Kafka and Apache Spark, and Intel's oneAPI software stack accelerates model inference speed, making it a useful tool for real-time malware traffic detection. These technologies work together to create a system that can give scalable performance and high accuracy, making it a crucial tool for defending against cyber threats in smart communities and medical institutions.

Cryptography and Security,Distributed, Parallel, and Cluster Computing,Machine Learning

Yupeng Hu,Zhe Jin,Wenjia Li,Yang Xiang,Jiliang Zhang

DOI: https://doi.org/10.48550/arXiv.2006.12831

2020-06-23

Abstract:In this paper, we present the design and implementation of a Systematic Inter-Component Communication Analysis Technology (SIAT) consisting of two key modules: \emph{Monitor} and \emph{Analyzer}. As an extension to the Android operating system at framework layer, the \emph{Monitor} makes the first attempt to revise the taint tag approach named TaintDroid both at method-level and file-level, to migrate it to the app-pair ICC paths identification through systemwide tracing and analysis of taint in intent both at the data flow and control flow. By taking over the taint logs offered by the \emph{Monitor}, the \emph{Analyzer} can build the accurate and integrated ICC models adopted to identify the specific threat models with the detection algorithms and predefined rules. Meanwhile, we employ the models' deflation technology to improve the efficiency of the \emph{Analyzer}. We implement the SIAT with Android Open Source Project and evaluate its performance through extensive experiments on well-known datasets and real-world apps. The experimental results show that, compared to state-of-the-art approaches, the SIAT can achieve about 25\%$\sim$200\% accuracy improvements with 1.0 precision and 0.98 recall at the cost of negligible runtime overhead. Moreover, the SIAT can identify two undisclosed cases of bypassing that prior technologies cannot detect and quite a few malicious ICC threats in real-world apps with lots of downloads on the Google Play market.

Cryptography and Security

Huanran Wang,Weizhe Zhang,Hui He,Peng Liu,Daniel Xiapu Luo,Yang Liu,Jiawei Jiang,Yan Li,Xing Zhang,Wenmao Liu,Runzi Zhang,Xing Lan

DOI: https://doi.org/10.1109/jiot.2021.3063840

IF: 10.6

2021-10-15

IEEE Internet of Things Journal

Abstract:Recent years have witnessed lots of attacks targeted at the widespread Internet of Things (IoT) devices and malicious activities conducted by compromised IoT devices. After some notorious IoT malware released their source code, many new variants emerge, which are usually more powerful and stealthy. Although numerous existing studies have analyzed some exposed families, there is a lack of systematic study to make full use of them, which can be a fundamental step for provenance, triage, labeling, lineage analysis, and authorship attribution. The key challenge of conducting an IoT malware evolutionary study is how to collect sufficient and accurate information about malware and identify the relationships among them. In this article, we take the first step to investigate the IoT malware evolution by leveraging the information from two sources that complement each other. First, we crawl online articles about IoT malware and employ natural language processing techniques to extract the features of malware samples and their relationships with other malware family, which allow us to form the basic lineage graph. Second, we collect real malware samples through our widely deployed honeypots and design a new classifier to group them into families and identify lineage relationships among them. Such results are used to enhance the basic lineage graph. Eventually, we construct the final lineage graph for 72 IoT malware families by correlating the information from the aforementioned sources, which can help the research community better understand and fight IoT malware now and in the future. Our study has been incorporated into the threat awareness system of NSFOCUS company.

computer science, information systems,telecommunications,engineering, electrical & electronic

Hui Cao

DOI: https://doi.org/10.1109/ACCESS.2024.3436541

IF: 3.9

IEEE Access

Abstract:With the continuous evolution of network attack methods, traditional rule-based and signature-based security strategies are becoming increasingly hard to deal with increasingly complex network threats. The research focuses on the problem of network traffic anomaly detection in network security, and proposes an improved Transformer and Generative Adversarial Networks network traffic anomaly detection model. The innovation lies in utilizing the Patch segmentation in the Transformer module to reduce information loss, while introducing random masked data blocks to enhance the anti-interference ability of Generative Adversarial Networks, and proposing a class balance model. Therefore, a Transformer Multi Receive Field Fusion (Trans-M) model for network traffic anomaly detection is constructed. The performance test results showed that after category balancing, the accuracy, recall, and F1-score of each model were been significantly improved. The accuracy of the Trans-M model on the balanced dataset arrived 98.12%, an improvement of 8.59% compared to before balancing. The recall rate of the Trans-M model was improved by 8.62% to 97.86%. On Balanced F Score (F1-score), the highest score of the Trans-M model was 98.46%, which was 8.18% higher than before balancing. The experiment outcomes demonstrate that the raised network traffic anomaly detection system is superior to common anomaly traffic detection models and can meet the actual network security protection needs.

Computer Science,Engineering

Mohammed Alshomrani,Aiiad Albeshri,Badraddin Alturki,Fouad Shoie Alallah,Abdulaziz A. Alsulami

DOI: https://doi.org/10.3390/electronics13234677

IF: 2.9

2024-11-28

Electronics

Abstract:In the recent past, the level of cyber threats has changed drastically, leading to the current transformation of the cybersecurity landscape. For example, emerging threats like Zero-day and polymorphic malware cannot be detected by conventional detection methods like heuristic and signature-based methods, which have proven useful in the identification of malware. In view of this shift in the cybersecurity paradigm, this study proposes to discuss the utilization of transformer models to improve malware detection effectiveness and the accuracy and efficiency in detecting malicious software. In this regard, this study adopts the application of transformers in identifying different forms of malicious software: ransomware, spyware, and trojans. Transformers are endowed with the ability to handle sequential data and capture intricate patterns. By employing deep learning techniques and conducting thorough contextual analysis, these models enhance the detection process by identifying subtle indications of compromise, which traditional methods may overlook. This research also explains the challenges and limitations related to the application of transformer-based models in real-world cybersecurity settings, which include computing requirements and large-scale labeled datasets' requirements. By the end, the article suggests potential future research avenues in order to improve and integrate these models into cybersecurity systems.

engineering, electrical & electronic,computer science, information systems,physics, applied

Tzu-Ling Wan,Tao Ban,Shin-Ming Cheng,Yen-Ting Lee,Bo Sun,Ryoichi Isawa,Takeshi Takahashi,Daisuke Inoue

DOI: https://doi.org/10.1109/ojcs.2020.3033974

2020-01-01

IEEE Open Journal of the Computer Society

Abstract:Simple implementation and autonomous operation features make the Internet-of-Things (IoT) vulnerable to malware attacks. Static analysis of IoT malware executable files is a feasible approach to understanding the behavior of IoT malware for mitigation and prevention. However, current analytic approaches based on opcodes or call graphs typically do not work well with diversity in central processing unit (CPU) architectures and are often resource intensive. In this paper, we propose an efficient method for leveraging machine learning methods to detect and classify IoT malware programs. We show that reliable and efficient detection and classification can be achieved by exploring the essential discriminating information stored in the byte sequences at the entry points of executable programs. We demonstrate the performance of the proposed method using a large-scale dataset consisting of 111K benignware and 111K malware programs from seven CPU architectures. The proposed method achieves near optimal generalization performance for malware detection (99.96 accuracy) and for malware family classification (98.47 accuracy). Moreover, when CPU architecture information is considered in learning, the proposed method combined with support vector machine classifiers can yield even higher generalization performance using fewer bytes from the executable files. The findings in this paper are promising for implementing light-weight malware protection on IoT devices with limited resources.

Ziming Zhao,Zhaoxuan Li,Tingting Li,Fan Zhang

DOI: https://doi.org/10.1109/tcad.2024.3444712

IF: 2.9

2024-11-09

IEEE Transactions on Computer-Aided Design of Integrated Circuits and Systems

Abstract:With the widespread use of Internet of Things (IoT) devices, malware detection has become a hot spot for both academic and industrial communities. A series of solutions based on system calls, system logs, or hardware performance counters achieve promising results. However, such internal monitors are easily tampered with, especially against adaptive adversaries. In addition, existing system log records typically exhibit substantial volume, resulting in data explosion problems. In this article, we present TPE-Det, a side-channel-based external monitor to cope with these issues. Specifically, TPE-Det leverages the serial peripheral interface bus to extract the on-chip traces and designs a recovery pipeline for operating logs. The advantages of this external monitor are adversary-unperceived and tamper-proof. The restored logs mainly include file operation commands, which are lightweight compared to complete records. Meanwhile, we deploy a series of machine learning models with respect to statistical, sequence, and graph features to identify malware. Empirical evaluation shows that our proposal has tamper-proof capability, high-detection accuracy, and low-time/space overhead compared to state-of-the-art methods.

engineering, electrical & electronic,computer science, interdisciplinary applications, hardware & architecture

Yongfeng Li,Tong Shen,Xin Sun,Xuerui Pan,Bing Mao

DOI: https://doi.org/10.1007/978-3-319-28865-9_2

2015-01-01

Abstract:With the popularity of Android devices, more and more Android malware are manufactured every year. How to filter out malicious app is a serious problem for app markets. In this paper, we propose DroidADDMiner, an efficient and precise system to detect, classify and characterize Android malware. DroidADDMiner is a machine learning based system that extracts features based on data dependency between sensitive APIs. It extracts API data dependence paths embedded in app to construct feature vectors for machine learning. While DroidSIFT [13] also attempts automated detection of Android applications according to data flow analysis, DroidADDMiner can not only reduce the run time but also characterize malware’s behaviors automatically. We implement DroidADDMiner based on FlowDroid [14] and evaluate it using 5648 malware samples and 14280 benign apps. Experiments show that, for malware detection, DroidADDMiner achieves a 98% detection rate, with a 0.3% false positive rate. For malware classification, the accuracy of classifying malicious apps under their proper family labels is 96%. Although performing data flow analysis, most of the experimental samples can be examined in 60 seconds.

Ruoyu Li,Qing Li,Jianer Zhou,Yong Jiang

DOI: https://doi.org/10.1109/jiot.2021.3122148

IF: 10.6

2021-01-01

IEEE Internet of Things Journal

Abstract:Internet of Things (IoT) has entered a stage of rapid development and increasing deployment. Meanwhile, these low-power devices typically cannot support complex security mechanisms and, thus, are highly susceptible to malware. This article proposes ADRIoT, an anomaly detection framework for IoT networks, which leverages edge computing to uncover potential threats. An edge is empowered with an anomaly detection module, which consists of a traffic capturer, a traffic preprocessor, and a collection of anomaly detectors dedicated to each type of device. Each detector is constructed by an LSTM autoencoder in an unsupervised manner that requires no labeled attack data and is able to handle emerging zero-day attacks. When a device connects to the edge, the edge will fetch the corresponding detector from the cloud and execute it locally. Another problem is the resource constraint of a single edge device like a home router hinders the deployment of such a detection module. To mitigate this problem, we design a multiedge collaborative mechanism that integrates the resource of multiple edges in a local network to increase the overall load capacity. The evaluation demonstrates that ADRIoT can detect various IoT-based attacks effectively and efficiently, showing that ADRIoT can feasibly help build a more secure IoT environment.

Yawar Abbas Abid,Jinsong Wu,Muhammad Farhan,Tariq Ahmad

DOI: https://doi.org/10.1109/jiot.2023.3312152

IF: 10.6

2023-01-01

IEEE Internet of Things Journal

Abstract:With the proliferation of connected devices in the Internet of Things (IoT), cybersecurity threats have increased. Identifying malicious attacks in IoT requires advanced techniques tailored to this ecosystem. Existing algorithms have limited effectiveness in detecting obfuscated IoT malware. This study proposes the Elucidating Cybersecurity-promulgated Malware Taxonomy (ECMT) framework, combining memory analysis and ensemble machine learning, to enhance IoT malware categorization. ECMT integrates Support Vector Classification, Quadratic Discriminant Analysis, and AdaBoost on forensic artifacts from memory dumps to improve detection across families like ransomware, spyware, and trojans. ECMT can enable intrusion prevention, information protection, and cybercrime deterrence in IoT environments. Experiments on a balanced dataset indicate AdaBoost achieved 96% accuracy, demonstrating ECMT’s capabilities against complex IoT threats. The integrated approach provides automated, adaptable detection scalable to large IoT deployments through efficient linear models and robust ensemble learning. ECMT addresses concept drift and interpretability via retraining and explanation techniques. Results highlight advanced memory analysis and optimized machine learning classifiers as a promising solution for robust IoT malware detection despite adversaries’ evolving tactics. Further research can extend platform support, harden models against attacks, and refine streaming input. ECMT establishes a foundation for IoT security by unifying memory forensics, optimized neural architectures, and tailored ensemble learning.

computer science, information systems,telecommunications,engineering, electrical & electronic

Yanfang Ye,Shifu Hou,Lingwei Chen,Jingwei Lei,Wenqiang Wan,Jiabin Wang,Qi Xiong,Fudong Shao

DOI: https://doi.org/10.48550/arXiv.1811.01027

2019-05-21

Abstract:The explosive growth and increasing sophistication of Android malware call for new defensive techniques that are capable of protecting mobile users against novel threats. In this paper, we first extract the runtime Application Programming Interface (API) call sequences from Android apps, and then analyze higher-level semantic relations within the ecosystem to comprehensively characterize the apps. To model different types of entities (i.e., app, API, IMEI, signature, affiliation) and the rich semantic relations among them, we then construct a structural heterogeneous information network (HIN) and present meta-path based approach to depict the relatedness over apps. To efficiently classify nodes (e.g., apps) in the constructed HIN, we propose the HinLearning method to first obtain in-sample node embeddings and then learn representations of out-of-sample nodes without rerunning/adjusting HIN embeddings at the first attempt. Afterwards, we design a deep neural network (DNN) classifier taking the learned HIN representations as inputs for Android malware detection. A comprehensive experimental study on the large-scale real sample collections from Tencent Security Lab is performed to compare various baselines. Promising experimental results demonstrate that our developed system AiDroid which integrates our proposed method outperforms others in real-time Android malware detection. AiDroid has already been incorporated into Tencent Mobile Security product that serves millions of users worldwide.

Cryptography and Security,Machine Learning

Vijaya Bhaskar Sadu,Kumar Abhishek,Omaia Mohammed Al-Omari,Sandhya Rani Nallola,Rajeev Kumar Sharma,Mohammad Shadab Khan

DOI: https://doi.org/10.1080/0954898X.2024.2336058

2024-07-15

Network

Abstract:The Internet of Things (IoT) is a network that connects various hardware, software, data storage, and applications. These interconnected devices provide services to businesses and can potentially serve as entry points for cyber-attacks. The privacy of IoT devices is increasingly vulnerable, particularly to threats like viruses and illegal software distribution lead to the theft of critical information. Ant Colony-Optimized Artificial Neural-Adaptive Tensorflow (ACO-ANT) technique is proposed to detect malicious software illicitly disseminated through the IoT. To emphasize the significance of each token in source duplicate data, the noise data undergoes processing using tokenization and weighted attribute techniques. Deep learning (DL) methods are then employed to identify source code duplication. Also the Multi-Objective Recurrent Neural Network (M-RNN) is used to identify suspicious activities within an IoT environment. The performance of proposed technique is examined using Loss, accuracy, F measure, precision to identify its efficiency. The experimental outcomes demonstrate that the proposed method ACO-ANT on Malimg dataset provides 12.35%, 14.75%, 11.84% higher precision and 10.95%, 15.78%, 13.89% higher f-measure compared to the existing methods. Further, leveraging block chain for malware detection is a promising direction for future research the fact that could enhance the security of IoT and identify malware threats.