MTHAEL Turns CNN and RNN Deep Learning Algorithms on IoT Malware, with Impressive Results

Combined neural network approach allows for cross-architecture malware detection with up to 99.98% success in 0.32 seconds.

Computer scientists at Tsinghua University, Charles Darwin University, and Melbourne Polytechnic have published a paper detailing a neural network system capable, they claim, of detecting cross-architecture malware targeting the Internet of Things: MTHAEL.

"The complexity, sophistication, and impact of malware evolve with industrial revolution and technology advancements," the team claims in the paper's abstract. "This article discusses and proposes a robust cross-architecture IoT malware threat hunting model based on advanced ensemble learning (MTHAEL). Our unique MTHAEL model using stacked ensemble of heterogeneous feature selection algorithms and state-of-the-art neural networks to learn different levels of semantic features demonstrates enhanced IoT malware detection than existing approaches.

"MTHAEL is the first of its kind that effectively optimizes recurrent neural network (RNN) and convolutional neural network (CNN) with high classification accuracy and consistently low computational overheads on different IoT architectures."

According to the team's tests, the MTHAEL system outperforms current approaches for detecting cross-architecture malware on IoT devices: Tested on a Raspberry Pi 4 and an Intel Core i5 system, to showcase Arm and x86 compatibility respectively, MTHAEL was able to detect 99.98 percent of the Arm-specific malware in a 21,137-sample corpus and 97.02 percent of mixed-architecture malware, and took just 0.32 seconds, on average, to do so.

"We conclude that MTHAEL is effective in detecting zero-day malware on a new IoT architecture by training on malware samples from existing common architectures like Intel 80386," the team writes. "In all these experiments, MTHAEL consistently outperformed existing baseline approaches in detection accuracy as well as computational overheads."

"We envisage extensions of this study as part of our future research work in the following directions: (1) to conduct experiments evaluating MTHAEL for large-scale IoT applications and multi-class prediction with a specific focus in improving the classification techniques for a more diverse set of adversarial attacks of IoT; (2) to explore and determine the relationships of malware instances and attack trends in different IoT architectures; and (3) to investigate novel deep learning approaches in the stackable ensemble learning of MTHAEL for achieving further improvements in the model."

The team's work has been published in the journal IEEE Transactions on Computers under closed-access terms.

Gareth Halfacree
Freelance journalist, technical author, hacker, tinkerer, erstwhile sysadmin. For hire: