Research PaperNo Access

A Deep Convolutional Neural Network Stacked Ensemble for Malware Threat Classification in Internet of Things

Hamad Naeem

School of Computer Science and Technology, Zhoukou Normal University, Zhoukou 466001, Henan, P. R. China

E-mail Address: hamadnaeemh@yahoo.com

Hamad Naeem and Farhan Ullah contributed equally to this work.

Search for more papers by this author

Xiaochun Cheng

Department of Computer Science, Middlesex University, London NW4 4BT, United Kingdom

Search for more papers by this author

Farhan Ullah

https://orcid.org/0000-0002-1030-1275

School of Software, Northwestern Polytechnical University, Xi’an 710072, Shaanxi, P. R. China

E-mail Address: farhankhan.cs@yahoo.com

Corresponding author.

Hamad Naeem and Farhan Ullah contributed equally to this work.

Search for more papers by this author

Sohail Jabbar

Department of Computational Sciences, The University of Faisalabad, Faisalabad 38000, Pakistan

Search for more papers by this author

, and

Shi Dong

School of Computer Science and Technology, Zhoukou Normal University, Zhoukou 466001, Henan, P. R. China

Search for more papers by this author

https://doi.org/10.1142/S0218126622503029Cited by:22 (Source: Crossref)

Abstract

Malicious attacks to software applications are on the rise as more people use Internet of things (IoT) devices and high-speed internet. When a software system crash happens caused by malicious action, a malware imaging method can examine the application. In this study, we present a novel malware classification method that captures suspected operations in a variety of discrete size image features, allowing us to identify such IoT device malware families. To decrease deep neural network training time, essential local and global image features are selected using a combined local and global feature descriptor (LBP-GLCM). The classification performance of the proposed deep learning model is improved by combining the predictions of weak learners (CNNs) and using them as knowledge input to a multi-layer perceptron meta learner. This is a neural network ensemble with stacked generalization that is used to improve network generalization ability. The public dataset used for performance evaluation contains 5472 samples from 11 different malware families. In order to compare the proposed methodology to current malware detection systems, we developed a baseline experiment. The proposed approach improved malware classification results to 98.5% accuracy and 98.4% accuracy when using $256 \times 256$ $256 \times 256$ and $200 \times 200$ $200 \times 200$ image sizes, respectively. Overall, the results showed that the stacked generalization ensemble with multi-step extracting features is a more effective method for classification performance and response time.

This paper was recommended by Regional Editor Takuro Sato.

Keywords:

References

1. D. Uppal, V. Mehra and V. Verma , Basic survey on malware analysis, tools and techniques, Int. J. Comput. Sci. Appl. 4 (2014) 103. Google Scholar
2. R. Vinayakumar, K. Soman, P. Poornachandran and S. Sachin Kumar , Detecting android malware using long short-term memory (lstm), J. Intelli. Fuzzy Syst. 34 (2018) 1277–1288. Crossref, Web of Science, Google Scholar
3. R. Vinayakumar, K. Soman and P. Poorna Chandran , Deep android malware detection and classification, 2017 Int. Conf. Advances in Computing, Communications and Informatics (ICACCI) (IEEE, 2017), pp. 1677–1683. Crossref, Google Scholar
4. K. Liu, S. Xu, G. Xu, M. Zhang, D. Sun and H. Liu , A review of android malware detection approaches based on machine learning, IEEE Access 8 (2020) 124579–124607. Crossref, Google Scholar
5. Z. Wang, Q. Liu and Y. Chi , Review of android malware detection based on deep learning, IEEE Access 8 (2020) 181102–181126. Crossref, Google Scholar
6. J. Zhao, R. Masood and S. Seneviratne , A review of computer vision methods in network security, IEEE Commun. Surv. Tutorials 23(3) (2021) 1838–1878. Crossref, Web of Science, Google Scholar
7. K. Yu, Z. Guo, Y. Shen, W. Wang, J. C.-W. Lin and T. Sato , Secure artificial intelligence of things for implicit group recommendations, IEEE Internet Things J. 9 (2022) 2698–2707. Crossref, Web of Science, Google Scholar
8. H. M. Ünver and K. Bakour , Android malware detection based on image-based features and machine learning techniques, SN Appl. Sci. 2 (2020) 1–15. Crossref, Web of Science, Google Scholar
9. H. Chen, R. Du, Z. Liu and H. Xu , Android malware classification using xgboost based on images patterns, 2018 IEEE 4th Information Technology and Mechatronics Engineering Conference (ITOEC) (IEEE, 2018), pp. 1358–1362. Crossref, Google Scholar
10. F. M. Darus, N. A. Ahmad and A. F. M. Ariffin , Android malware classification using xgboost on data image pattern, 2019 IEEE International Conference on Internet of Things and Intelligence System (IoTaIS) (IEEE, 2019), pp. 118–122. Crossref, Google Scholar
11. W. Huang, E. Hou, L. Zheng and W. Feng , Mixdroid: A multi-features and multi-classifiers bagging system for android malware detection, AIP Conf. Proc., Vol. 1967 (AIP Publishing LLC, 2018), p. 020015. Crossref, Google Scholar
12. Y. Keping, L. Tan, C. Yang, K. R. Choo, A. K. Bashir, J. J. Rodrigues and T. Sato , A blockchain-based shamir’s threshold cryptography scheme for data protection in industrial internet of things settings, IEEE Internet Things J. 9 (2021) 8154–8167. Web of Science, Google Scholar
13. L. Tan, Y. Keping, F. Ming, X. Chen and G. Srivastava , Secure and resilient artificial intelligence of things: a HoneyNet approach for threat detection and situational awareness, IEEE Consumer Electronics Magazine, 19 May 2021. Web of Science, Google Scholar
14. S. Gu, S. Cheng and W. Zhang , From image to code: Executable adversarial examples of android applications, Proc. 2020 6th Int. Conf. Computing and Artificial Intelligence (2020), pp. 261–268. Crossref, Google Scholar
15. J. Jung, J. Choi, S.-J. Cho, S. Han, M. Park and Y. Hwang , Android malware detection using convolutional neural networks and data section images, Proceedings of the 2018 Conference on Research in Adaptive and Convergent Systems (2018), pp. 149–153. Crossref, Google Scholar
16. W. Zhang, N. Luktarhan, C. Ding and B. Lu , Android malware detection using tcn with bytecode image, Symmetry 13 (2021) 1107. Crossref, Web of Science, Google Scholar
17. N. Lachtar, D. Ibdah and A. Bacha , Towards mobile malware detection through convolutional neural networks, IEEE Embedded Syst. Lett. 13 (2020) 134–137. Crossref, Web of Science, Google Scholar
18. K. Yu, L. Tan, X. Shang, J. Huang, G. Srivastava and P. Chatterjee , Efficient and privacy-preserving medical research support platform against COVID-19: A blockchain-based approach, IEEE Consumer Electronics Mag. 10 (2020) 111–120. Crossref, Web of Science, Google Scholar
19. K. Yu, L. Tan, L. Lin, X. Cheng, Z. Yi and T. Sato , Deep-learning-empowered breast cancer auxiliary diagnosis for 5GB remote E-health, IEEE Wirel. Commun. 28 (2021) 54–61. Crossref, Web of Science, Google Scholar
20. Y.-S. Yen and H.-M. Sun , an android mutation malware detection based on deep learning using visualization of importance from codes, Microelectronics Reliab. 93 (2019) 109–114. Crossref, Web of Science, Google Scholar
21. F. Ullah, H. Naeem et al., Cyber security threats detection in internet of things using deep learning approach, IEEE Access 7 (2019) 124379–124389. Crossref, Web of Science, Google Scholar
22. A. Schranko de Oliveira and R. J. Sassi, Chimera: An android malware detection method based on multimodal deep learning and hybrid analysis. TechRxiv. (2020) 1–17. Google Scholar
23. H. Naeem, B. Guo, F. Ullah and M. R. Naeem , A cross-platform malware variant classification based on image representation, KSII Trans. Internet Inf. Syst. 13 (2019) 3756–3777. Web of Science, Google Scholar
24. H. Naeem, F. Ullah, M. R. Naeem et al., Malware detection in industrial internet of things based on hybrid image visualization and deep learning model, Ad Hoc Netw. 105 (2020) 102154. Crossref, Web of Science, Google Scholar
25. F. Mercaldo and A. Santone , Deep learning for image-based mobile malware detection, J. Computer Virol. Hacking Tech. 16 (2020) 1–15. Web of Science, Google Scholar