Abstract

In this article, we propose a hybrid malware detection scheme, HyMalD, which uses bidirectional long short-term memory (Bi-LSTM) and the spatial pyramid pooling network (SPP-Net). Its purpose is to protect Internet of Things (IoT) devices and minimize the damage caused by infection with obfuscated malware. HyMalD performs static and dynamic analysis logically simultaneously to detect obfuscated malware, which is impossible to do using static analysis alone. First, it extracts static features of the opcode sequence using a dataset reconstructed according to the obfuscation, and it extracts the application programming interface (API) call sequence dynamically. The extracted features are used to train the Bi-LSTM and SPP-Net models, which HyMalD uses to detect and classify IoT malware. The performance of HyMalD was evaluated: its detection accuracy was 92.5% and its false-negative rate (FNR) was 7.67%. Thus, HyMalD detects IoT malware more accurately and with a lower FNR than static analysis, which had 92.09% detection accuracy and 9.97% FNR.
