Federated malware detection based on many‐objective optimization in cross‐architectural IoT

Abstract

SummaryWith the rising adoption of the Internet of Things (IoT) across a variety of industries, malware is increasingly targeting the large number of IoT devices that lack adequate protection. Malware hunting is challenging in the IoT due to the variety of instruction set architectures of devices, as shown by the differences in the relevant characteristics of malware on different platforms. There are also serious concerns about resource utilization and privacy leaks in the development of conventional detection models. This study suggests a novel federated malware detection framework based on many‐objective optimization (FMDMO) for the IoT to overcome the problems. First, the framework provides a cross‐platform compatible basis with the federated mechanism as the backbone, while avoiding raw data sharing to improve privacy protection. Second, an intelligent optimization‐based client selection method is designed for four objectives: learning performance, architectural selection deviation, time consumption, and training stability, which leads malware detection to retain a high degree of cross‐architectural generalization while enhancing training efficiency. Based on a large IoT malware dataset we constructed, containing 62,515 malware samples across seven typical architectures, the FMDMO is evaluated comprehensively in three scenarios. The experimental results demonstrate the FMDMO substantially enhances the model's cross‐platform detection performance while preserving effective training and flexibility.