HCL-Classifier: CNN and LSTM based hybrid malware classifier for Internet of Things (IoT)

Cited by: 15
Authors
Abdullah, Muhammed Amin [1]
Yu, Yongbin [1]
Adu, Kwabena [2]
Imrana, Yakubu [3]
Wang, Xiangxiang [1]
Cai, Jingye [1]
Affiliations
[1] Univ Elect Sci & Technol China, Sch Informat & Software Engn, Hefei, Anhui, Peoples R China
[2] Univ Energy & Nat Resources, Dept Comp Sci & Informat, Sunyani, Ghana
[3] Univ Elect Sci & Technol, Sch Comp Sci & Engn, Hefei, Peoples R China
Source
FUTURE GENERATION COMPUTER SYSTEMS-THE INTERNATIONAL JOURNAL OF ESCIENCE | 2023 / Vol. 142
Funding
National Key Research and Development Program of China; National Natural Science Foundation of China;
Keywords
Malware analysis; Convolutional neural networks (CNN); Long short-term memory networks (LSTM); Internet of things; FRAMEWORK; CODE;
DOI
10.1016/j.future.2022.12.034
Chinese Library Classification number
TP301 [Theory, Methods];
Discipline classification code
081202 ;
Abstract
This paper highlights a hybrid static classifier based on CNN and bidirectional LSTM for malware classification tasks in the IoT. Our approach learns and takes note of the nature and complex patterns of the Byte and Assembly files represented in one-dimensional images to enable better feature extraction, and does not require any expertise. CNN is used for automatic feature selection and extraction. In addition, the extracted features are forwarded to the bidirectional LSTM for classification. Extensive experiments were conducted with the Microsoft Malware classification dataset and the IoT Malware dataset. The experimental results show that our HCL-Classifier achieves an average of 99.91% and 99.83%, respectively, outperforming traditional single-input state-of-the-art works. Moreover, the lowest-performing classifier among the baseline models used in this work, such as Random Forest, achieved 97.66% accuracy. We attribute this to the nature of our 1D image representation. This study also discovered that the different files in the dataset contain specific features that differ from file to file, which we demonstrated visually and through experiments. (c) 2022 Elsevier B.V. All rights reserved.
Pages: 41-58
Number of pages: 18