Baoguo Yuan,Junfeng Wang,Peng Wu,Xianguo Qing

DOI: https://doi.org/10.1109/jiot.2021.3100063

IF: 10.6

2022-03-01

IEEE Internet of Things Journal

Abstract:Internet of Things (IoT) is hard to deploy adequate security defenses due to the diversity of architectures as well as the limited computing and storage capabilities, which makes it more vulnerable to malware. With the massive deployment of IoT devices, how to accurately identify and classify the malware variants is crucial to IoT security. However, existing methods of IoT malware classification generally support specific platform or require complex models to achieve higher accuracies. To solve these problems, this article proposes an IoT malware classification method based on lightweight convolutional neural networks (LCNNs). First, the malware binaries are converted into multidimensional Markov images. Then, the LCNN is designed with two new operations, depthwise convolution and channel shuffle, for malware images classification. Compared with other deep learning-based methods such as VGG16, the designed LCNN can greatly reduce trainable parameters while maintaining accuracy. The generated model of LCNN is only about 1 MB, while that of VGG16 is 552.57 MB. The average accuracies of the proposed method are higher than that of gray images on multiple IoT malware data sets, all of which are over 95%. Compared with the state-of-the-art low-level features-based methods, the average accuracy of the proposed method is 99.356% on the Microsoft data set even if the model is tiny. The results show that the proposed method is not only suitable for IoT environments but also has high accuracy.

computer science, information systems,telecommunications,engineering, electrical & electronic

Jiawei Su,Danilo Vasconcellos Vargas,Sanjiva Prasad,Daniele Sgandurra,Yaokai Feng,Kouichi Sakurai

DOI: https://doi.org/10.48550/arXiv.1802.03714

2018-02-11

Abstract:The Internet of Things (IoT) is an extension of the traditional Internet, which allows a very large number of smart devices, such as home appliances, network cameras, sensors and controllers to connect to one another to share information and improve user experiences. Current IoT devices are typically micro-computers for domain-specific computations rather than traditional functionspecific embedded devices. Therefore, many existing attacks, targeted at traditional computers connected to the Internet, may also be directed at IoT devices. For example, DDoS attacks have become very common in IoT environments, as these environments currently lack basic security monitoring and protection mechanisms, as shown by the recent Mirai and Brickerbot IoT botnets. In this paper, we propose a novel light-weight approach for detecting DDos malware in IoT <a class="link-external link-http" href="http://environments.We" rel="external noopener nofollow">this http URL</a> firstly extract one-channel gray-scale images converted from binaries, and then utilize a lightweight convolutional neural network for classifying IoT malware families. The experimental results show that the proposed system can achieve 94.0% accuracy for the classification of goodware and DDoS malware, and 81.8% accuracy for the classification of goodware and two main malware families.

Cryptography and Security,Computer Vision and Pattern Recognition

Hamad Naeem,Bandar M. Alshammari,Farhan Ullah

DOI: https://doi.org/10.1155/2022/7671967

IF: 3.12

2022-07-17

Computational Intelligence and Neuroscience

Abstract:Automated malware detection is a prominent issue in the world of network security because of the rising number and complexity of malware threats. It is time-consuming and resource intensive to manually analyze all malware files in an application using traditional malware detection methods. Polymorphism and code obfuscation were created by malware authors to bypass the standard signature-based detection methods used by antivirus vendors. Malware detection using deep learning (DL) approaches has recently been implemented in an effort to address this problem. This study compares the detection of IoT device malware using three current state-of-the-art CNN models that have been pretrained. Large-scale learning performance using GNB, SVM, DT, LR, K-NN, and ensemble classifiers with CNN models is also included in the results. In light of the findings, a pretrained Inception-v3 CNN-based transfer learned model with fine-tuned strategy is proposed to identify IoT device malware by utilizing color image malware display of android Dalvik Executable File (DEX). Inception-v3 retrieves the malware's most important features. After that, a global max-pooling layer is applied, and a SoftMax classifier is used to classify the features. Finally, gradient-weighted class activation mapping (Grad-CAM) along the t-distributed stochastic neighbor embedding (t-SNE) is used to understand the overall performance of the proposed method. The proposed method achieved an accuracy of 98.5% and 91%, respectively, in the binary and multiclass prediction of malware images from IoT devices, exceeding the comparison methods in different evaluation parameters.

mathematical & computational biology,neurosciences

Ali Mehrban,Pegah Ahadian

DOI: https://doi.org/10.48550/arXiv.2312.17683

2024-02-04

Abstract:Malware detection in IoT environments necessitates robust methodologies. This study introduces a CNN-LSTM hybrid model for IoT malware identification and evaluates its performance against established methods. Leveraging K-fold cross-validation, the proposed approach achieved 95.5% accuracy, surpassing existing methods. The CNN algorithm enabled superior learning model construction, and the LSTM classifier exhibited heightened accuracy in classification. Comparative analysis against prevalent techniques demonstrated the efficacy of the proposed model, highlighting its potential for enhancing IoT security. The study advocates for future exploration of SVMs as alternatives, emphasizes the need for distributed detection strategies, and underscores the importance of predictive analyses for a more powerful IOT security. This research serves as a platform for developing more resilient security measures in IoT ecosystems.

Cryptography and Security,Machine Learning,Networking and Internet Architecture

Wenbo Zhang,Yongxin Feng,Guangjie Han,Hongbo Zhu,Xiaobo Tan

DOI: https://doi.org/10.3390/s22228739

IF: 3.9

2022-11-13

Sensors

Abstract:It is critical to detect malicious code for the security of the Internet of Things (IoT). Therefore, this work proposes a malicious code detection algorithm based on the novel feature fusion–malware image convolutional neural network (FF-MICNN). This method combines a feature fusion algorithm with deep learning. First, the malicious code is transformed into grayscale image features by image technology, after which the opcode sequence features of the malicious code are extracted by the n-gram technique, and the global and local features are fused by feature fusion technology. The fused features are input into FF-MICNN for training, and an appropriate classifier is selected for detection. The results of experiments show that the proposed algorithm exhibits improvements in its detection speed, the comprehensiveness of features, and accuracy as compared with other algorithms. The accuracy rate of the proposed algorithm is also 0.2% better than that of a detection algorithm based on a single feature.

engineering, electrical & electronic,chemistry, analytical,instruments & instrumentation

Ayat T. Salim,Ban Mohammed Khammas

DOI: https://doi.org/10.31987/ijict.6.3.233

2023-12-31

Abstract:Internet of Things (IoT) equipment is rapidly being used in a variety of businesses and for a variety of reasons (for example, sensing and collecting data from the environment in both public and military settings). Because of their expanding involvement in a wide range of applications and their rising computational and processing capabilities, they are a viable attack target for malware tailored to infect specific IoT devices. This study investigates the potential of detecting IoT malware using different deep learning techniques: the classic feedforward neural network (FNN), convolutional neural networks (CNN), long short-term memory (LSTM), and recurrent neural networks (RNN). The proposed method analyses the execution operation codes of IOT app sequences using modern NLP (natural language processing) methods. The current work utilized an IoT application dataset with 500 malware (collected from the IOTPOT dataset) and 500 goodware samples to train the proposed algorithms. The trained model is tested against 2971 fresh IoT malware and goodware samples. The samples were input into deep learning models, and performance metrics were obtained. The results demonstrate that the RNN model had the best accuracy (99.19%) in detecting fresh malware samples. On the other hand, the results were compared by the time required for training; the CNN model shows that it could achieve high accuracy (98.05%) with less training time. A comparison with various deep learning classifiers demonstrates that the RNN and CNN techniques produce the best results.

Robert Shire,Stavros Shiaeles,Keltoum Bendiab,Bogdan Ghita,Nicholas Kolokotronis

DOI: https://doi.org/10.1007/978-3-030-30859-9_6

2021-09-08

Abstract:Internet of Things devices have seen a rapid growth and popularity in recent years with many more ordinary devices gaining network capability and becoming part of the ever growing IoT network. With this exponential growth and the limitation of resources, it is becoming increasingly harder to protect against security threats such as malware due to its evolving faster than the defence mechanisms can handle with. The traditional security systems are not able to detect unknown malware as they use signature-based methods. In this paper, we aim to address this issue by introducing a novel IoT malware traffic analysis approach using neural network and binary visualisation. The prime motivation of the proposed approach is to faster detect and classify new malware (zero-day malware). The experiment results show that our method can satisfy the accuracy requirement of practical application.

Cryptography and Security,Artificial Intelligence

Zhihua Cui,Fei Xue,Xingjuan Cai,Yang Cao,Gai-ge Wang,Jinjun Chen

DOI: https://doi.org/10.1109/tii.2018.2822680

IF: 12.3

2018-07-01

IEEE Transactions on Industrial Informatics

Abstract:With the development of the Internet, malicious code attacks have increased exponentially, with malicious code variants ranking as a key threat to Internet security. The ability to detect variants of malicious code is critical for protection against security breaches, data theft, and other dangers. Current methods for recognizing malicious code have demonstrated poor detection accuracy and low detection speeds. This paper proposed a novel method that used deep learning to improve the detection of malware variants. In prior research, deep learning demonstrated excellent performance in image recognition. To implement our proposed detection method, we converted the malicious code into grayscale images. Then, the images were identified and classified using a convolutional neural network (CNN) that could extract the features of the malware images automatically. In addition, we utilized a bat algorithm to address the data imbalance among different malware families. To test our approach, we conducted a series of experiments on malware image data from Vision Research Lab. The experimental results demonstrated that our model achieved good accuracy and speed as compared with other malware detection models.

automation & control systems,computer science, interdisciplinary applications,engineering, industrial

Pratyush Panda,Om Kumar C U,Suguna Marappan,Suresh Ma,Manimurugan S,Deeksha Veesani Nandi

DOI: https://doi.org/10.3390/s23063253

2023-03-20

Abstract:The tremendous growth in online activity and the Internet of Things (IoT) led to an increase in cyberattacks. Malware infiltrated at least one device in almost every household. Various malware detection methods that use shallow or deep IoT techniques were discovered in recent years. Deep learning models with a visualization method are the most commonly and popularly used strategy in most works. This method has the benefit of automatically extracting features, requiring less technical expertise, and using fewer resources during data processing. Training deep learning models that generalize effectively without overfitting is not feasible or appropriate with large datasets and complex architectures. In this paper, a novel ensemble model, Stacked Ensemble-autoencoder, GRU, and MLP or SE-AGM, composed of three light-weight neural network models-autoencoder, GRU, and MLP-that is trained on the 25 essential and encoded extracted features of the benchmark MalImg dataset for classification was proposed. The GRU model was tested for its suitability in malware detection due to its lesser usage in this domain. The proposed model used a concise set of malware features for training and classifying the malware classes, which reduced the time and resource consumption in comparison to other existing models. The novelty lies in the stacked ensemble method where the output of one intermediate model works as input for the next model, thereby refining the features as compared to the general notion of an ensemble approach. Inspiration was drawn from earlier image-based malware detection works and transfer learning ideas. To extract features from the MalImg dataset, a CNN-based transfer learning model that was trained from scratch on domain data was used. Data augmentation was an important step in the image processing stage to investigate its effect on classifying grayscale malware images in the MalImg dataset. SE-AGM outperformed existing approaches on the benchmark MalImg dataset with an average accuracy of 99.43%, demonstrating that our method was on par with or even surpassed them.

Tzu-Ling Wan,Tao Ban,Shin-Ming Cheng,Yen-Ting Lee,Bo Sun,Ryoichi Isawa,Takeshi Takahashi,Daisuke Inoue

DOI: https://doi.org/10.1109/ojcs.2020.3033974

2020-01-01

IEEE Open Journal of the Computer Society

Abstract:Simple implementation and autonomous operation features make the Internet-of-Things (IoT) vulnerable to malware attacks. Static analysis of IoT malware executable files is a feasible approach to understanding the behavior of IoT malware for mitigation and prevention. However, current analytic approaches based on opcodes or call graphs typically do not work well with diversity in central processing unit (CPU) architectures and are often resource intensive. In this paper, we propose an efficient method for leveraging machine learning methods to detect and classify IoT malware programs. We show that reliable and efficient detection and classification can be achieved by exploring the essential discriminating information stored in the byte sequences at the entry points of executable programs. We demonstrate the performance of the proposed method using a large-scale dataset consisting of 111K benignware and 111K malware programs from seven CPU architectures. The proposed method achieves near optimal generalization performance for malware detection (99.96 accuracy) and for malware family classification (98.47 accuracy). Moreover, when CPU architecture information is considered in learning, the proposed method combined with support vector machine classifiers can yield even higher generalization performance using fewer bytes from the executable files. The findings in this paper are promising for implementing light-weight malware protection on IoT devices with limited resources.

Safa Ben Atitallah,Maha Driss,Iman Almomani

DOI: https://doi.org/10.3390/s22114302

IF: 3.9

2022-06-06

Sensors

Abstract:The Internet of Things (IoT) is prone to malware assaults due to its simple installation and autonomous operating qualities. IoT devices have become the most tempting targets of malware due to well-known vulnerabilities such as weak, guessable, or hard-coded passwords, a lack of secure update procedures, and unsecured network connections. Traditional static IoT malware detection and analysis methods have been shown to be unsatisfactory solutions to understanding IoT malware behavior for mitigation and prevention. Deep learning models have made huge strides in the realm of cybersecurity in recent years, thanks to their tremendous data mining, learning, and expression capabilities, thus easing the burden on malware analysts. In this context, a novel detection and multi-classification vision-based approach for IoT-malware is proposed. This approach makes use of the benefits of deep transfer learning methodology and incorporates the fine-tuning method and various ensembling strategies to increase detection and classification performance without having to develop the training models from scratch. It adopts the fusion of 3 CNNs, ResNet18, MobileNetV2, and DenseNet161, by using the random forest voting strategy. Experiments are carried out using a publicly available dataset, MaleVis, to assess and validate the suggested approach. MaleVis contains 14,226 RGB converted images representing 25 malware classes and one benign class. The obtained findings show that our suggested approach outperforms the existing state-of-the-art solutions in terms of detection and classification performance; it achieves a precision of 98.74%, recall of 98.67%, a specificity of 98.79%, F1-score of 98.70%, MCC of 98.65%, an accuracy of 98.68%, and an average processing time per malware classification of 672 ms.

engineering, electrical & electronic,chemistry, analytical,instruments & instrumentation

Sharjeel Riaz,Shahzad Latif,Syed Muhammad Usman,Syed Sajid Ullah,Abeer D Algarni,Amanullah Yasin,Aamir Anwar,Hela Elmannai,Saddam Hussain

DOI: https://doi.org/10.3390/s22239305

2022-11-29

Abstract:Internet of Things (IoT) devices usage is increasing exponentially with the spread of the internet. With the increasing capacity of data on IoT devices, these devices are becoming venerable to malware attacks; therefore, malware detection becomes an important issue in IoT devices. An effective, reliable, and time-efficient mechanism is required for the identification of sophisticated malware. Researchers have proposed multiple methods for malware detection in recent years, however, accurate detection remains a challenge. We propose a deep learning-based ensemble classification method for the detection of malware in IoT devices. It uses a three steps approach; in the first step, data is preprocessed using scaling, normalization, and de-noising, whereas in the second step, features are selected and one hot encoding is applied followed by the ensemble classifier based on CNN and LSTM outputs for detection of malware. We have compared results with the state-of-the-art methods and our proposed method outperforms the existing methods on standard datasets with an average accuracy of 99.5%.

Ahmad M.N. Zaza,Suleiman K. Kharroub,Khalid Abualsaud

DOI: https://doi.org/10.48550/arXiv.2010.06286

2020-10-21

Abstract:Internet of Things (IoT) is becoming more frequently used in more applications as the number of connected devices is in a rapid increase. More connected devices result in bigger challenges in terms of scalability, maintainability and most importantly security especially when it comes to 5G networks. The security aspect of IoT devices is an infant field, which is why it is our focus in this paper. Multiple IoT device manufacturers do not consider securing the devices they produce for different reasons like cost reduction or to avoid using energy-harvesting components. Such potentially malicious devices might be exploited by the adversary to do multiple harmful attacks. Therefore, we developed a system that can recognize malicious behavior of a specific IoT node on the network. Through convolutional neural network and monitoring, we were able to provide malware detection for IoT using a central node that can be installed within the network. The achievement shows how such models can be generalized and applied easily to any network while clearing out any stigma regarding deep learning techniques.

Cryptography and Security,Machine Learning

Shtwai Alsubai,Ashit Kumar Dutta,Abdullah M Alnajim,Abdul Rahaman Wahab Sait,Rashid Ayub,Afnan Mushabbab AlShehri,Naved Ahmad

DOI: https://doi.org/10.7717/peerj-cs.1366

2023-05-29

Abstract:The Internet of Things (IoT) environment demands a malware detection (MD) framework for protecting sensitive data from unauthorized access. The study intends to develop an image-based MD framework. The authors apply image conversion and enhancement techniques to convert malware binaries into RGB images. You only look once (Yolo V7) is employed for extracting the key features from the malware images. Harris Hawks optimization is used to optimize the DenseNet161 model to classify images into malware and benign. IoT malware and Virusshare datasets are utilized to evaluate the proposed framework's performance. The outcome reveals that the proposed framework outperforms the current MD framework. The framework generates the outcome at an accuracy and F1-score of 98.65 and 98.5 and 97.3 and 96.63 for IoT malware and Virusshare datasets, respectively. In addition, it achieves an area under the receiver operating characteristics and the precision-recall curve of 0.98 and 0.85 and 0.97 and 0.84 for IoT malware and Virusshare datasets, accordingly. The study's outcome reveals that the proposed framework can be deployed in the IoT environment to protect the resources.

Amir El-Ghamry,Tarek Gaber,Kamel K. Mohammed,Aboul Ella Hassanien

DOI: https://doi.org/10.3390/electronics12030708

IF: 2.9

2023-01-31

Electronics

Abstract:With the widespread use of IoT applications, malware has become a difficult and sophisticated threat. Without robust security measures, a massive volume of confidential and classified data could be exposed to vulnerabilities through which hackers could do various illicit acts. As a result, improved network security mechanisms that can analyse network traffic and detect malicious traffic in real-time are required. In this paper, a novel optimized machine learning image-based IoT malware detection method is proposed using visual representation (i.e., images) of the network traffic. In this method, the ant colony optimizer (ACO)-based feature selection method was proposed to get a minimum number of features while improving the support vector machines (SVMs) classifier's results (i.e., the malware detection results). Further, the PSO algorithm tuned the SVM parameters of the different kernel functions. Using a public dataset, the experimental results showed that the SVM linear function kernel is the best with an accuracy of 95.56%, recall of 96.43%, precision of 94.12%, and F1_score of 95.26%. Comparing with the literature, it was concluded that bio-inspired techniques, i.e., ACO and PSO, could be used to build an effective and lightweight machine-learning-based malware detection system for the IoT environment.

engineering, electrical & electronic,computer science, information systems,physics, applied

Tongxin Shi,Roy A. McCann,Ying Huang,Wei Wang,Jun Kong

DOI: https://doi.org/10.3390/s24134122

IF: 3.9

2024-06-25

Sensors

Abstract:The increasing usage of interconnected devices within the Internet of Things (IoT) and Industrial IoT (IIoT) has significantly enhanced efficiency and utility in both personal and industrial settings but also heightened cybersecurity vulnerabilities, particularly through IoT malware. This paper explores the use of one-class classification, a method of unsupervised learning, which is especially suitable for unlabeled data, dynamic environments, and malware detection, which is a form of anomaly detection. We introduce the TF-IDF method for transforming nominal features into numerical formats that avoid information loss and manage dimensionality effectively, which is crucial for enhancing pattern recognition when combined with n-grams. Furthermore, we compare the performance of multi-class vs. one-class classification models, including Isolation Forest and deep autoencoder, that are trained with both benign and malicious NetFlow samples vs. trained exclusively on benign NetFlow samples. We achieve 100% recall with precision rates above 80% and 90% across various test datasets using one-class classification. These models show the adaptability of unsupervised learning, especially one-class classification, to the evolving malware threats in the IoT domain, offering insights into enhancing IoT security frameworks and suggesting directions for future research in this critical area.

engineering, electrical & electronic,instruments & instrumentation,chemistry, analytical

Muhammad Asam,Saddam Hussain Khan,Tauseef Jamal,Asifullah Khan

DOI: https://doi.org/10.48550/arXiv.2202.04121

2022-02-09

Abstract:Interaction between devices, people, and the Internet has given birth to a new digital communication model, the Internet of Things (IoT). The seamless network of these smart devices is the core of this IoT model. However, on the other hand, integrating smart devices to constitute a network introduces many security challenges. These connected devices have created a security blind spot, where cybercriminals can easily launch an attack to compromise the devices using malware proliferation techniques. Therefore, malware detection is considered a lifeline for the survival of IoT devices against cyberattacks. This study proposes a novel IoT Malware Detection Architecture (iMDA) using squeezing and boosting dilated convolutional neural network (CNN). The proposed architecture exploits the concepts of edge and smoothing, multi-path dilated convolutional operations, channel squeezing, and boosting in CNN. Edge and smoothing operations are employed with split-transform-merge (STM) blocks to extract local structure and minor contrast variation in the malware images. STM blocks performed multi-path dilated convolutional operations, which helped recognize the global structure of malware patterns. Additionally, channel squeezing and merging helped to get the prominent reduced and diverse feature maps, respectively. Channel squeezing and boosting are applied with the help of STM block at the initial, middle and final levels to capture the texture variation along with the depth for the sake of malware pattern hunting. The proposed architecture has shown substantial performance compared with the customized CNN models. The proposed iMDA has achieved Accuracy: 97.93%, F1-Score: 0.9394, Precision: 0.9864, MCC: 0. 8796, Recall: 0.8873, AUC-PR: 0.9689 and AUC-ROC: 0.9938.

Cryptography and Security,Artificial Intelligence

Faiza Habib,Syed Hamad Shirazi,Khursheed Aurangzeb,Asfandyar Khan,Bharat Bhushan,Musaed Alhussein

DOI: https://doi.org/10.1109/access.2024.3383831

IF: 3.9

2024-04-09

IEEE Access

Abstract:Today Internet of Things (IoT) has become a key part of the modern world as it enables web-based IoT devices to collect, transfer, and analyze the data of individuals, companies, and industries. IoT provides numerous services and applications via a massive number of interconnected devices and has become an innovative attack vector for cyber-attacks and threats such as malware attacks that are currently regarded as serious dangers to the security of IoT devices and systems. Such threats are sufficient to infiltrate individual private information that inflicts harm to both the financial standing and reputation in an organization. In literature, researchers have used multiple machine learning and deep learning models to tackle this security threat, however, still accurate classification and detection of metamorphic malware in IoT devices remains a challenge. In this article, we used a deep learning model to accurately detect metamorphic malware in IoT devices. We have employed six models including (VGG16, InceptionV3, CNN, ResNet50, MobileNet, and Efficient NetB0 on Malimg publicly available malware image dataset. The Internet of Things (IoT) would benefit from having a method that could identify metamorphic malware. It isn't possible to rely on detection techniques that are fixed or signature-based. Throughout this research, a straightforward technique for carrying out dynamic analysis to comprehend the behavior of code is suggested. To determine if executable are malicious, it is necessary to first measure the behavior of executable and then utilize this information to make that determination. Additionally, the purpose of this study is to create a classifier that makes utilization of deep learning techniques to analyze complicated behavior reports. The obtained results depict that the proposed model achieves a promising accuracy of 99% and F1-score of 97% employed on the standard Malimg dataset as compared to other existing machine and deep learning models.

computer science, information systems,telecommunications,engineering, electrical & electronic

Zilin Zhao,Dawei Zhao,Shumian Yang,Lijuan Xu

DOI: https://doi.org/10.1155/2023/6390023

IF: 1.968

2023-04-19

Security and Communication Networks

Abstract:In recent years, malware has experienced explosive growth and has become one of the most severe security threats. However, feature engineering easily restricts the traditional machine learning methods-based malware classification and is hard to deal with massive malware. At the same time, the dynamic analysis methods have the problems of complex operation and high cost, which are not suitable for efficiently classifying large quantities of malware. Therefore, we propose a novel static malware detection method based on this study's AlexNet convolutional neural network (CNN). Unlike existing solutions, we convert all malware bytes into color images, propose an improved AlexNet architecture, and solve the unbalanced datasets with the data enhancement method. Extensive experiments are performed using the Microsoft malware dataset and the Google Code Jam (GCJ) dataset. The experimental results show that the accuracy of the Microsoft malware dataset reaches 99.99%, and the GCJ dataset reaches 99.38%. We also verify that our method can better extract the texture features of malware and improve the accuracy and detection efficiency.

computer science, information systems,telecommunications

Rongrong Jiang,Zhengqiu Weng,Lili Shi,Erxuan Weng,Hongmei Li,Weiqiang Wang,Tiantian Zhu,Wuzhao Li

DOI: https://doi.org/10.1002/cpe.8258

2024-08-17

Concurrency and Computation Practice and Experience

Abstract:Summary With the development of the Internet of Things (IoT), the number of terminal devices is rapidly growing and at the same time, their security is facing serious challenges. For the industrial control system, there are challenges in detecting and preventing botnet. Traditional detection methods focus on capturing and reverse analyzing the botnet programs first and then parsing the extracted features from the malicious code or attacks. However, their accuracy is very low and their latency is relatively high. Moreover, they sometimes even cannot recognize the unknown botnets. The machine learning based detection methods rely on manual feature engineering and have a weak generalization. The deep learning‐based methods mostly rely on the system log, which does not take into account the multisource information such as traffic. To address the above issues, from the perspective of the botnet features, this paper proposes an intelligent detection method over parallel CNN‐LSTM, integrating the spatial and temporal features to identify botnets. Experimental demonstrate that the accuracy, recall, and F1‐score of our proposed method achieve up to over 98%, and the precision, 97.8%, is not the highest but reasonable. It reveals compared with the existing start‐of‐the‐art methods, our proposed method outperforms in the botnet detection. Our methodology's strength lies in its ability to harness the multifaceted information present in IoT traffic, offering a more nuanced and comprehensive analysis. The parallel CNN‐LSTM architecture ensures that spatial and temporal data are processed concurrently, preserving the integrity of the information and enabling a more robust detection mechanism. The result is a detection system that not only performs exceptionally well in a controlled environment but also holds promise for real‐world application, where the rapid and accurate identification of botnets is paramount.

computer science, theory & methods, software engineering