IoT Malware Classification Based on Lightweight Convolutional Neural Networks

Abstract

Internet of Things (IoT) is hard to deploy adequate security defenses due to the diversity of architectures as well as the limited computing and storage capabilities, which makes it more vulnerable to malware. With the massive deployment of IoT devices, how to accurately identify and classify the malware variants is crucial to IoT security. However, existing methods of IoT malware classification generally support specific platform or require complex models to achieve higher accuracies. To solve these problems, this article proposes an IoT malware classification method based on lightweight convolutional neural networks (LCNNs). First, the malware binaries are converted into multidimensional Markov images. Then, the LCNN is designed with two new operations, depthwise convolution and channel shuffle, for malware images classification. Compared with other deep learning-based methods such as VGG16, the designed LCNN can greatly reduce trainable parameters while maintaining accuracy. The generated model of LCNN is only about 1 MB, while that of VGG16 is 552.57 MB. The average accuracies of the proposed method are higher than that of gray images on multiple IoT malware data sets, all of which are over 95%. Compared with the state-of-the-art low-level features-based methods, the average accuracy of the proposed method is 99.356% on the Microsoft data set even if the model is tiny. The results show that the proposed method is not only suitable for IoT environments but also has high accuracy.