A lightweight malware detection and family classification system for the Internet of Things (IoT) was designed to address the difficulty of deploying defense models on IoT devices, which have limited computing and storage resources. By training complex models on gray-scale images of IoT software and applying the gradient-weighted class activation mapping (Grad-CAM) technique, the system identifies the key codes that influence model decisions. The gray-scale images are then reconstructed around those key codes and used to train a lightweight model, LMDNet, for malware detection. In addition, a multi-teacher knowledge distillation method is employed to train KD-LMDNet, which classifies malware families. The results indicate that the model's identification speed surpasses that of traditional methods by 23.68%. Moreover, the accuracy achieved on the Malimg dataset for family classification is 99.07%. Furthermore, with a model size of only 0.45M, it appears to be well-suited for the IoT environment. Thus, the presented approach can address the challenges associated with malware detection and family classification in IoT devices.
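The image pipeline summarized above, as an added example that is not code from the paper: a binary is laid out as a gray-scale image, a Grad-CAM map is computed from a convolutional layer's activations and gradients, and the image is rebuilt keeping only the high-importance regions. The function names, the image width, the 0.5 threshold, the nearest-neighbour upsampling and the choice to zero out low-importance pixels are assumptions; the abstract does not state how the reconstruction is performed.

```python
# Added illustration; names, widths and the 0.5 threshold are assumptions.

def bytes_to_gray(data, width):
    """Lay a binary out row by row as a gray-scale image (one byte = one pixel)."""
    rows = -(-len(data) // width)                     # ceiling division
    padded = data + bytes(rows * width - len(data))   # zero-pad the last row
    return [list(padded[r * width:(r + 1) * width]) for r in range(rows)]

def grad_cam(activations, gradients):
    """Grad-CAM: weight each feature map by its mean gradient, sum, apply ReLU.

    activations/gradients: K feature maps of size h x w taken from the last
    convolutional layer for the predicted class (supplied by the trained model).
    """
    h, w = len(activations[0]), len(activations[0][0])
    alphas = [sum(map(sum, g)) / (h * w) for g in gradients]
    cam = [[max(0.0, sum(a * A[i][j] for a, A in zip(alphas, activations)))
            for j in range(w)] for i in range(h)]
    peak = max(map(max, cam)) or 1.0                  # avoid dividing by zero
    return [[v / peak for v in row] for row in cam]

def reconstruct(image, cam, threshold=0.5):
    """Keep pixels whose upsampled CAM value reaches the threshold, zero the rest."""
    H, W = len(image), len(image[0])
    h, w = len(cam), len(cam[0])
    return [[image[y][x] if cam[y * h // H][x * w // W] >= threshold else 0
             for x in range(W)] for y in range(H)]

def key_region_image(data, width, activations, gradients, threshold=0.5):
    """Full path: bytes -> gray-scale image -> Grad-CAM -> reconstructed image."""
    image = bytes_to_gray(data, width)
    return reconstruct(image, grad_cam(activations, gradients), threshold)

# Constructed sample: 16 bytes form a 4x4 image; two 2x2 feature maps.
SAMPLE = bytes(range(1, 17))
ACTS = [[[1.0, 0.0], [0.0, 0.0]],        # map 0 fires on the top-left region
        [[0.0, 0.0], [0.0, 2.0]]]        # map 1 fires on the bottom-right region
GRADS = [[[0.4, 0.4], [0.4, 0.4]],       # map 0 raises the class score
         [[-0.2, -0.2], [-0.2, -0.2]]]   # map 1 lowers it, so ReLU drops it

if __name__ == "__main__":
    for row in key_region_image(SAMPLE, 4, ACTS, GRADS):
        print(row)
```

Only the top-left quadrant survives in the constructed sample, because the second feature map has a negative mean gradient and the ReLU discards its contribution.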