Multichannel Based IoT Malware Detection System Using System Calls and Opcode Sequences
Abstract: The rapid development of the Internet of Things (IoT) gives rise to many malicious attacks, since it involves many smart objects that lack an efficient security framework. Such security issues can bring all smart objects connected to the network to a complete halt. In this work, a multichannel Convolutional Neural Network (CNN) is proposed in which each channel's CNN works on one type of input. The model has two channels connected in parallel, with one CNN taking an opcode sequence as input and the other taking system calls. The system calls and opcode sequences extracted from ELF files were classified using the multichannel CNN, two further deep learning algorithms, namely Recurrent Neural Network (RNN) and CNN, and a few recent existing solutions. The performance of these algorithms was analyzed and evaluated using accuracy, precision, recall, F1-measure, and time. The experimental results show that the multichannel CNN outperforms the other considered techniques, achieving a high accuracy of 99.8% in classifying malicious samples from benign ones. The real-time IoT malware samples were collected from the IoT honeypot (IoTPOT), which emulates different CPU architectures of IoT devices.
Keywords: System calls, IoT malware, fog computing, RNN, CNN, multichannel CNN.
Received November 27, 2020; accepted July 29, 2021