A deep Recurrent Neural Network based approach for Internet of Things malware threat hunting

Internet of Things (IoT) devices are increasingly deployed in different industries and for different purposes (e.g. sensing/collecting of environmental data in both civilian and military settings). The increasing presence in a broad range of applications, and their increasing computing and processin...

Full description

Saved in:
Bibliographic Details
Published in:Future generation computer systems 2018-08, Vol.85, p.88-96
Main Authors: HaddadPajouh, Hamed, Dehghantanha, Ali, Khayami, Raouf, Choo, Kim-Kwang Raymond
Format: Article
Language:English
Subjects:
ARM-based IoT malware detection
Deep learning threat hunting
IoT malware detection
Long short term memory
Machine learning
OpCodes analysis
Citations: Items that this one cites
Items that cite this one
Online Access:Get full text
Tags: Add Tag
No Tags, Be the first to tag this record!
Description
Summary:Internet of Things (IoT) devices are increasingly deployed in different industries and for different purposes (e.g. sensing/collecting of environmental data in both civilian and military settings). The increasing presence in a broad range of applications, and their increasing computing and processing capabilities make them a valuable attack target, such as malware designed to compromise specific IoT devices. In this paper, we explore the potential of using Recurrent Neural Network (RNN) deep learning in detecting IoT malware. Specifically, our approach uses RNN to analyze ARM-based IoT applications’ execution operation codes (OpCodes). To train our models, we use an IoT application dataset comprising 281 malware and 270 benign ware. Then, we evaluate the trained model using 100 new IoT malware samples (i.e. not previously exposed to the model) with three different Long Short Term Memory (LSTM) configurations. Findings of the 10-fold cross validation analysis show that the second configuration with 2-layer neurons has the highest accuracy (98.18%) in the detection of new malware samples. A comparative summary with other machine learning classifiers also demonstrate that the LSTM approach delivers the best possible outcome. •Internet of Things malware threat hunting.•Deep Recurrent Neural Network based approach for IoT malware hunting.•IoT application execution OpCodes.•Recurrent neural network in detecting IoT malware.
ISSN:0167-739X
1872-7115
DOI:10.1016/j.future.2018.03.007