Deep learning based cross architecture internet of things malware detection and classification
Published in: | Computers & security 2022-09, Vol.120, p.102779, Article 102779 |
---|---|
Main authors: | , , |
Format: | Article |
Language: | eng |
Subjects: | |
Online access: | Full text |
Abstract: | The number of publicly exposed Internet of Things (IoT) devices has been increasing, as more of these devices are connected to the internet with default settings. Devices accessed with default credentials are compromised through brute-force attempts, or vulnerable devices are compromised with exploits, to install malware and perform malicious activity such as initiating denial of service (DoS) attacks. Malware detection and classification in the IoT paradigm is still considered a problem, as adversaries consistently create new variants of IoT malware and actively look to compromise victim devices. In this paper, we proposed a Deep Learning (DL) based Bidirectional-Gated Recurrent Unit-Convolutional Neural Network (Bi-GRU-CNN) model to detect IoT malware and classify IoT malware families using Executable and Linkable Format (ELF, formerly named Extensible Linking Format) binary file byte sequences as an input feature. In addition, Recurrent Neural Network (RNN) based DL model combinations are considered to evaluate the performance of IoT malware detection and family classification, and the performance of those models is compared with the proposed method. Our performance evaluation shows that our proposed approach obtained 100% accuracy for the IoT malware detection case and 98% for IoT malware family classification. Further evaluation of our proposed model with only the byte sequence as an input feature exhibits performance similar to that with the byte sequence and CPU types as input features, and showed that our model is robust and platform independent in detecting and classifying IoT malware. |
---|---|
ISSN: | 0167-4048 1872-6208 |
DOI: | 10.1016/j.cose.2022.102779 |