Abstract
Malware detection has recently emerged as a significant challenge on the Internet of Things (IoT) security domain. Due to the increasing complexity and variety of malware, the demand for better malware detection models has grown. To this end, an advanced intelligent IoT malware detection model is proposed based on deep learning and ensemble learning algorithms, called DEMD-IoT (Deep Ensemble Malware Detection for IoT). The DEMD-IoT includes two main parts: I) a stack of three one-dimensional convolutional neural networks with different structures to learn various patterns of IoT network traffic, and II) a meta-learner on top of three pre-trained base-learners, which integrates the outcomes and yields the final prediction result. To find the best meta-learner, different machine learning algorithms are examined. Finally, the Random Forest algorithm was chosen for the second part of the model. The main advantages of the DEMD-IoT are utilizing an ensemble learning approach to achieve higher performance and applying a hyperparameter optimization algorithm to find the best values for hyperparameters of base learners. Furthermore, to overcome the complexity and high time consumption in the preprocessing phase, 1D-CNNs are applied instead of 2D-CNNs, which are widely used in malware detection. The performance of the DEMD-IoT model is evaluated with a set of experiments on the IoT-23 dataset, which contains IoT network traffic. The findings demonstrate that the proposed ensemble method achieves the best outcome with the highest accuracy 99.9%, compared to state-of-the-art machine learning, deep learning, and ensemble models.
Similar content being viewed by others
Data availability
The IoT-23 dataset used in this research is publicly available from: https://www.stratosphereips.org/datasets-iot23.
References
Abdeljaber O, Avci O, Kiranyaz S, Gabbouj M, Inman DJ (2017) Real-time vibration-based structural damage detection using one-dimensional convolutional neural networks. J Sound Vib 388:154–170
Abualigah L, Diabat A, Sumari P, Gandomi AH (2021a) Applications, deployments, and integration of internet of drones (IoD): a review. IEEE Sensors J 21:25532–25546
Abualigah L, Yousri D, Abd Elaziz M, Ewees AA, Al-Qaness MA, Gandomi AH (2021b) Aquila optimizer: a novel meta-heuristic optimization algorithm. Comput Ind Eng 157:107250
Abualigah L, Diabat A, Mirjalili S, Abd Elaziz M, Gandomi AH (2021c) The arithmetic optimization algorithm. Comput Methods Appl Mech Eng 376:113609
Ahmed AA, Jabbar WA, Sadiq AS, Patel H (2020) Deep learning-based classification model for botnet attack detection. J Ambient Intell Human Comput 1–10
Al-Abassi A, Karimipour H, Dehghantanha A, Parizi RM (2020) An ensemble deep learning-based cyber-attack detection in industrial control system. IEEE Access 8:83965–83973
Ali F (2017) A malware analysis and detection system for mobile devices/Ali Feizollah. University of Malaya, Malaysia
Alkahtani H, Aldhyani TH (2021) Botnet attack detection by using CNN-LSTM model for internet of things applications. Secur Commun Netw 2021:1–23
Apthorpe N, Reisman D, Feamster N (2017) A smart home is no castle: privacy vulnerabilities of encrypted iot traffic. arXiv preprint, arXiv:1705.06805
Balan S, Howell P (2019) A machine learning approach for network traffic analysis using random forest regression. ACET J Comp Educ Res 13(1)
Banerjee M, Samantaray S (2019) Network traffic analysis based IoT botnet detection using honeynet data applying classification techniques. Int J Comp Sci Inf Secur (IJCSIS) 17(8)
Barut O, Luo Y, Zhang T, Li W, Li P (2020) NetML: a challenge for network traffic analytics. arXiv preprint, arXiv:2004.13006
Bendiab G, Shiaeles S, Alruban A, Kolokotronis N (2020) IoT malware network traffic classification using visual representation and deep learning. In: 2020 6th IEEE conference on network softwarization (NetSoft). IEEE, pp 444–449
Binary Crossentropy (2022) https://peltarion.com/knowledge-center/documentation/modeling-view/build-an-ai-model/loss-functions/binary-crossentropy. Accessed 2 January 2022
Borges J (2021) The power of ensembles in deep learning. https://towardsdatascience.com/the-power-of-ensembles-in-deep-learning-a8900ff42be9. Accessed 15 June 2021
Brownlee J (2019) A gentle introduction to the rectified linear unit (ReLU)
De Lucia MJ, Cotton C (2019) Detection of encrypted malicious network traffic using machine learning. In: MILCOM 2019—2019 IEEE military communications conference (MILCOM). IEEE, pp 1–6
Diro AA, Chilamkurti N (2018) Distributed attack detection scheme using deep learning approach for internet of things. Futur Gener Comput Syst 82:761–768
Doshi R, Apthorpe N, Feamster N (2018) Machine learning ddos detection for consumer internet of things devices. In: 2018 IEEE security and privacy workshops (SPW). IEEE, pp 29–35
Dzulqarnain D (2019) Investigating IoT malware characteristics to improve network security. University of Twente, Netherlands
Engel VJL, Joshua E, Engel MM (2020) Detection of cyber malware attack based on network traffic features using neural network. Khazanah Inf J Ilmu Komp Inform 6(1):26–32
Ganaie M, Hu M (2021) Ensemble deep learning: a review. arXiv preprint, arXiv:2104.02395
Gandhi R, Li Y (2021) Comparing machine learning and deep learning for IoT Botnet detection. In: 2021 IEEE international conference on smart computing (SMARTCOMP). IEEE, pp 234–239
Gandotra E, Bansal D, Sofat S (2014) Malware analysis and classification: a survey. J Inf Secur 2014
Gao N, Gao L, Gao Q, Wang H (2014) An intrusion detection model based on deep belief networks. In: 2014 Second international conference on advanced cloud and big data. IEEE, pp 247–252
Gaonkar S, Dessai NF, Costa J, Borkar A, Aswale S, Shetgaonkar P (2020) A survey on botnet detection techniques. In: 2020 international conference on emerging trends in information technology and engineering (ic-ETITE). IEEE, pp 1–6
García S, Uhlíř V, Rehak M (2014) Identifying and modeling botnet C&C behaviors. In: Proceedings of the 1st international workshop on agents and cybersecurity, pp 1–8
Go JH, Jan T, Mohanty M, Patel OP, Puthal D, Prasad M (2020) Visualization approach for malware classification with ResNeXt. In: 2020 IEEE congress on evolutionary computation (CEC). IEEE, pp 1–7
Gozzoli A (2018) Practical guide to hyperparameters optimization for deep learning models. In: FloydHub
Hamza AA, Abdel Halim IT, Sobh MA, Bahaa-Eldin AM (2022) HSAS-MD analyzer: a hybrid security analysis system using model-checking technique and deep learning for malware detection in IoT apps. Sensors 22(3):1079
Hinz T, Navarro-Guerrero N, Magg S, Wermter S (2018) Speeding up the hyperparameter optimization of deep convolutional neural networks. Int J Comput Intell Appl 17(02):1850008
Ioffe S, Szegedy C (2015) Batch normalization: accelerating deep network training by reducing internal covariate shift. In: International conference on machine learning. PMLR, pp 448–456
Jamal A, Hayat MF, Nasir M (2022) Malware detection and classification in IoT network using ANN. Mehran Univ Res J Eng Technol 41(1):80–91
Kolias C, Kambourakis G, Stavrou A, Voas J (2017) DDoS in the IoT: Mirai and other botnets. Computer 50(7):80–84
Kumar A, Lim TJ (2019) EDIMA: early detection of IoT malware network activity using machine learning techniques. In: 2019 IEEE 5th world forum on internet of things (WF-IoT). IEEE, pp 289–294
Li H, Ota K, Dong M (2018) Learning IoT in edge: deep learning for the internet of things with edge computing. IEEE Netw 32(1):96–101
Liu Z et al (2018) An integrated architecture for IoT malware analysis and detection. In: International conference on internet of things as a service. Springer, pp 127–137
Lopez-Martin M, Carro B, Sanchez-Esguevillas A, Lloret J (2017) Network traffic classifier with convolutional and recurrent neural networks for internet of things. IEEE Access 5:18042–18050
Lotfollahi M, Jafari Siavoshani M, Shirali Hossein Zade R, Saberian M (2020) Deep packet: a novel approach for encrypted traffic classification using deep learning. Soft Comput 24(3):1999–2012
Marín G, Casas P, Capdehourat G (2019) Deep in the dark-deep learning-based malware traffic detection without expert knowledge. In: 2019 IEEE security and privacy workshops (SPW). IEEE, pp 36–42
Marín Freire GM (2019) Deep learning for the analysis of network traffic measurements
Meidan Y et al (2018) N-baiot—network-based detection of iot botnet attacks using deep autoencoders. IEEE Pervasive Comput 17(3):12–22
Nguyen GL, Dumba B, Ngo Q-D, Le H-V, Nguyen TN (2022) A collaborative approach to early detection of IoT Botnet. Comput Electr Eng 97:107525
Parameswaran Lakshmi S (2020) A lightweight 1-D CNN model to detect android malware on the mobile phone. National College of Ireland, Dublin
Parmisano A, Garcia S, Erquiaga M (2020) A labeled dataset with malicious and benign iot network traffic. Stratosphere Laboratory, Praha, Czech Republic
Puerta JG, Pastor-López I, Sanz B, Bringas PG (2019) Network traffic analysis for android malware detection. In: International conference on hybrid artificial intelligence systems. Springer, pp 468–479
Riad K, Huang T, Ke L (2020) A dynamic and hierarchical access control for IoT in multi-authority cloud storage. J Netw Comput Appl 160:102633
Rouzbahani HM, Bahrami AH, Karimipour H (2021) A snapshot ensemble deep neural network model for attack detection in industrial internet of things. In: AI-enabled threat detection and security analysis for industrial IoT. Springer, pp 181–194
Saharkhizan M, Azmoodeh A, Dehghantanha A, Choo K-KR, Parizi RM (2020) An ensemble of deep recurrent neural networks for detecting IoT cyber attacks using network traffic. IEEE Internet Things J 7(9):8852–8859
Sahu AK, Sharma S, Tanveer M, Raja R (2021) Internet of things attack detection using hybrid deep learning model. Comput Commun 176:146–154
Shire R, Shiaeles S, Bendiab K, Ghita B, Kolokotronis N (2019) Malware squid: a novel iot malware traffic analysis framework using convolutional neural network and binary visualisation. In: Internet of things, smart spaces, and next generation networks and systems. Springer, pp 65–76
Srivastava N, Hinton G, Krizhevsky A, Sutskever I, Salakhutdinov R (2014) Dropout: a simple way to prevent neural networks from overfitting. J Mach Learn Res 15(1):1929–1958
Tahaei H, Afifi F, Asemi A, Zaki F, Anuar NB (2020) The rise of traffic classification in IoT networks: a survey. J Netw Comput Appl 154:102538
Taheri R, Ghahramani M, Javidan R, Shojafar M, Pooranian Z, Conti M (2020) Similarity-based Android malware detection using Hamming distance of static binary features. Futur Gener Comput Syst 105:230–247
Torres P, Catania C, Garcia S, Garino CG (2016) An analysis of recurrent neural networks for botnet detection behavior. In: 2016 IEEE biennial congress of Argentina (ARGENCON). IEEE, pp. 1–6
Wang W, Zhu M, Wang J, Zeng X, Yang Z (2017a) End-to-end encrypted traffic classification with one-dimensional convolution neural networks. In: 2017a IEEE international conference on intelligence and security informatics (ISI). IEEE, pp 43–48
Wang W, Zhu M, Zeng X, Ye X, Sheng Y (2017b) Malware traffic classification using convolutional neural network for representation learning. In: 2017b International conference on information networking (ICOIN). IEEE, pp 712–717
Wu O (2018) Classifier ensemble by exploring supplementary ordering information. IEEE Trans Knowl Data Eng 30(11):2065–2077
Xing X, Jin X, Elahi H, Jiang H, Wang G (2022) A malware detection approach using autoencoder in deep learning. IEEE Access 10:25696–25706
Yeo M et al (2018) Flow-based malware detection using convolutional neural network. In: 2018 international conference on information networking (ICOIN). IEEE, pp 910–913
Yu Z et al (2017) Hybrid incremental ensemble learning for noisy real-world data classification. IEEE Trans Cybern 49(2):403–416
Zeek (2021) https://zeek.org/about/. Accessed 29 April 2021
Zhu H, Li Y, Li R, Li J, You Z, Song H (2020) SEDMDroid: an enhanced stacking ensemble framework for Android malware detection. IEEE Trans Netw Sci Eng 8(2):984–994
Author information
Authors and Affiliations
Corresponding author
Ethics declarations
Conflict of interest
The authors declare that there is no conflict of interest.
Rights and permissions
Springer Nature or its licensor holds exclusive rights to this article under a publishing agreement with the author(s) or other rightsholder(s); author self-archiving of the accepted manuscript version of this article is solely governed by the terms of such publishing agreement and applicable law.
About this article
Cite this article
Nobakht, M., Javidan, R. & Pourebrahimi, A. DEMD-IoT: a deep ensemble model for IoT malware detection using CNNs and network traffic. Evolving Systems 14, 461–477 (2023). https://doi.org/10.1007/s12530-022-09471-z
Received:
Accepted:
Published:
Issue Date:
DOI: https://doi.org/10.1007/s12530-022-09471-z