MTHAEL: Cross-Architecture IoT Malware Detection Based on Neural Network Advanced Ensemble Learning

Abstract

The complexity, sophistication, and impact of malware evolve with industrial revolution and technology advancements. This article discusses and proposes a robust cross-architecture IoT malware threat hunting model based on advanced ensemble learning (MTHAEL). Our unique MTHAEL model using stacked ensemble of heterogeneous feature selection algorithms and state-of-the-art neural networks to learn different levels of semantic features demonstrates enhanced IoT malware detection than existing approaches. MTHAEL is the first of its kind that effectively optimizes recurrent neural network (RNN) and convolutional neural network (CNN) with high classification accuracy and consistently low computational overheads on different IoT architectures. Cross-architecture benchmarking is performed during the training with different architectures such as ARM, Intel80386, MIPS, and MIPS+Intel80386 individually. Two different hardware architectures were employed to analyze the architecture overhead, namely Raspberry Pi 4 (ARM-based architecture) and Core-i5 (Intel-based architecture). Our proposed MTHAEL is evaluated comprehensively with a large IoT cross-architecture dataset of 21,137 samples and has achieved 99.98 percent classification accuracy for ARM architecture samples, surpassing prior related works. Overall, MTHAEL has demonstrated practical suitability for cross-architecture IoT malware detection with low computational overheads requiring only 0.32 seconds to detect Any IoT malware.