Chapter 3 - Behavioral malware detection and classification using deep learning approaches

Abstract

Internet of Things (IoT) offers several potential benefits to users with smart devices. The computer system is facing a lot of security challenges in recent days. Generally, IoT devices are more vulnerable to attacks as similar to the computer systems available in the IoT environment. Behavioral malware detection and classification are proposed to safeguard IoT devices from being hacked. The current malware detection approaches are knowledge intensive and time consuming to identify behaviors and extract patterns from benign or malicious samples. Moreover, no domain expert knowledge is required in behavioral malware detection using deep learning approaches, and it is completely dependent on a data-driven approach for feature identification and complex pattern analysis. Static and dynamic malware analysis is performed to compare the benefits and challenges for malware detection and classification. The architecture of convolutional neural networks (CNNs) with one convolution layer and one densely connected layer is discussed. Several approaches are analyzed comparatively based on certain factors including dataset size, accuracy, precision, and recall. The chapter is concluded by summarizing the challenges and future research directions for using CNN approaches for malware detection and classification. Finally, this study concludes that the cybersecurity analyst prefers rule-based or signature-based systems for malware detection rather than the neural-based models, as they are easy to diagnose any problem that may arise. Hence, intensive research is required to facilitate interoperability among models in malware detection and classification. A convolution network with two convolution layers and one densely connected layer can detect a malware file with 99.8% accuracy.