TY - JOUR
T1 - Static Multi Feature-Based Malware Detection Using Multi SPP-net in Smart IoT Environments
AU - Jeon, Jueun
AU - Jeong, Byeonghui
AU - Baek, Seungyeon
AU - Jeong, Young Sik
N1 - Publisher Copyright: © 2005-2012 IEEE.
PY - 2024
Y1 - 2024
N2 - With the steady increase in the demand for Internet of Things (IoT) devices in diverse industries, such as manufacturing, medical care, and transportation infrastructure, the production of malware tailored for Smart IoT environments is also increasing. Accordingly, various malware detection studies are being conducted to detect not only known malware but also variant malware. However, it is difficult to detect malware transformed in a way that hides malicious behavior by changing and deleting bytes or modifying the assembly code. Therefore, in this study, we propose a malware detection for static security service (Mal3S) scheme that provides a secure Smart IoT environment by accurately detecting various types of malware. Mal3S extracts bytes, opcodes, API calls, strings, and dynamic link libraries (DLLs) through static analysis and then generates five types of images. Images of various sizes are trained on a multi spatial pyramid pooling network (SPP-net) model to detect malware. When evaluating the performance of Mal3S using three malware datasets, the average detection accuracy was 98.02% and the classification accuracy was 98.43%, showing better performance than existing malware detection techniques. In addition, Mal3S has demonstrated effective generalization capabilities for various types of malware.
KW - Malware detection
KW - malware image
KW - smart IoT
KW - spatial pyramid pooling network (SPP-net)
KW - static analysis
KW - static feature
UR - http://www.scopus.com/inward/record.url?scp=85182365954&partnerID=8YFLogxK
U2 - 10.1109/TIFS.2024.3350379
DO - 10.1109/TIFS.2024.3350379
M3 - Article
AN - SCOPUS:85182365954
SN - 1556-6013
VL - 19
SP - 2487
EP - 2500
JO - IEEE Transactions on Information Forensics and Security
JF - IEEE Transactions on Information Forensics and Security
ER -