BERTDeep-Ware: a cross-architecture malware detection solution for IoT systems

Salma Abdalla Hamad, Dave Hoang Tran, Quan Z. Sheng, Wei Emma Zhang

Research output: Chapter in Book/Report/Conference proceeding › Conference proceeding contribution › peer-review

2 Citations (Scopus)

Abstract

Malware is widely regarded as one of the most severe security threats to modern technologies. Detecting malware in Internet of Things (IoT) infrastructures is a critical and complicated task. The complexity of this task increases with the recent growth of malware variants targeting different IoT CPU architectures, since new malware variants often use anti-forensic techniques to avoid detection and investigation. Therefore, traditional machine learning (ML) techniques, which require domain knowledge and sophisticated feature engineering, cannot be relied on to detect unseen malware variants. Recent deep learning approaches have performed well on malware analysis and detection while requiring minimal feature engineering. In this paper, we propose BERTDeep-Ware, a real-time cross-architecture malware detection solution tailored for IoT systems. BERTDeep-Ware analyzes the executable file's operation code (OpCode) sequence representations using Bidirectional Encoder Representations from Transformers (BERT) embedding, the state-of-the-art natural language processing (NLP) approach. The sentence embedding extracted from BERT is fed into a customized hybrid multi-head CNN-BiLSTM-LocAtt model. This deep learning (DL) model combines a convolutional neural network (CNN), bidirectional long short-term memory (BiLSTM), and a local attention mechanism (LocAtt) to capture contextual features and long-term dependencies between OpCode sequences. We train and evaluate BERTDeep-Ware using datasets created for three different CPU architectures. The performance evaluation results confirm that the proposed multi-head CNN-BiLSTM-LocAtt model produces more accurate classification results, with higher detection rates and lower false positives, than a number of baseline ML and DL models.
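The abstract describes a static pipeline whose front end turns an executable into an OpCode sequence that is then treated as text. The following Python is an added illustration of that front end and is not code from the paper or its authors: it parses objdump-style disassembly (the disassembler and line format are assumed; the paper does not say which tool was used) for three CPU architectures into mnemonic-only sequences, chunks them into sentences that fit BERT's 512-token window, and flags samples whose disassembly is mostly undecodable, which is the symptom a packed or otherwise anti-forensic binary produces. The disassembly snippets, the `.word`/`(bad)` handling, and the usability thresholds are constructed assumptions for the example.

```python
"""Opcode-sequence extraction for a cross-architecture static pipeline.

Added example, not the BERTDeep-Ware implementation. Assumes objdump -d
output, whose instruction rows are tab-separated:
    <address>:\t<raw bytes>\t<mnemonic> <operands>
The samples below are constructed, not real binaries.
"""
from typing import Dict, List, Tuple

# Constructed objdump -d excerpts for three architectures.
SAMPLE_X86_64 = """
bin_x86:     file format elf64-x86-64

Disassembly of section .text:

0000000000401000 <main>:
  401000:\t55                   \tpush   %rbp
  401001:\t48 89 e5             \tmov    %rsp,%rbp
  401004:\t48 83 ec 10          \tsub    $0x10,%rsp
  401008:\tc7 45 fc 00 00 00 00 \tmovl   $0x0,-0x4(%rbp)
  40100f:\tc9                   \tleave
  401010:\tc3                   \tret
"""

SAMPLE_ARM = """
bin_arm:     file format elf32-littlearm

Disassembly of section .text:

00010074 <main>:
   10074:\te92d4800 \tpush\t{fp, lr}
   10078:\te28db004 \tadd\tfp, sp, #4
   1007c:\te24dd008 \tsub\tsp, sp, #8
   10080:\te3a03000 \tmov\tr3, #0
   10084:\t1a000002 \tbne\t10094 <main+0x20>
   10088:\te8bd8800 \tpop\t{fp, pc}
   1008c:\tffffffff \t.word\t0xffffffff
"""

SAMPLE_MIPS = """
bin_mips:     file format elf32-tradbigmips

Disassembly of section .text:

00400510 <main>:
  400510:\t27bdffe0 \taddiu\tsp,sp,-32
  400514:\tafbf001c \tsw\tra,28(sp)
  400518:\tafbe0018 \tsw\ts8,24(sp)
  40051c:\t03a0f025 \tmove\ts8,sp
  400520:\t0c100140 \tjal\t400500 <helper>
  400524:\t00000000 \tnop
  400528:\t00000000 \t(bad)
"""


def extract_opcodes(disasm: str) -> Tuple[List[str], int]:
    """Return (mnemonics in file order, count of data/undecodable rows).

    Operands are dropped on purpose: register names and immediates differ
    per architecture and per build, while the mnemonic stream is what the
    text model is meant to learn from.
    """
    opcodes: List[str] = []
    undecodable = 0
    for line in disasm.splitlines():
        parts = line.split("\t")
        # Only instruction rows have the three tab-separated columns and an
        # address ending in ':'; headers, labels and blank lines are skipped.
        if len(parts) < 3 or not parts[0].strip().endswith(":"):
            continue
        field = parts[2].strip()
        if not field:
            continue
        mnemonic = field.split()[0].lower()
        # '.word'/'.byte' are data directives, '(bad)' marks bytes objdump
        # could not decode; both are common in packed or obfuscated code.
        if mnemonic.startswith((".", "(")):
            undecodable += 1
            continue
        opcodes.append(mnemonic)
    return opcodes, undecodable


def disassembly_looks_usable(opcodes: List[str], undecodable: int,
                             max_bad_ratio: float = 0.2,
                             min_insns: int = 50) -> bool:
    """Assumed sanity check: too few or too many undecodable rows means the
    static view is unreliable (packed sample, wrong architecture, data
    section disassembled as code) and the sample should be triaged, not
    fed to the classifier as-is. Thresholds are illustrative."""
    total = len(opcodes) + undecodable
    if total < min_insns:
        return False
    return undecodable / total <= max_bad_ratio


def opcode_sentences(opcodes: List[str], max_len: int = 510) -> List[str]:
    """Chunk the mnemonic stream into whitespace-joined sentences.

    BERT accepts 512 tokens including [CLS] and [SEP]; max_len counts
    mnemonics, and unusual mnemonics (e.g. 'addiu') split into several
    WordPiece tokens, so treat 510 as an upper bound and shrink if the
    tokenizer truncates.
    """
    return [" ".join(opcodes[i:i + max_len])
            for i in range(0, len(opcodes), max_len)]


def build_corpus(samples: Dict[str, str], min_insns: int = 50) -> Dict[str, List[str]]:
    """Map architecture name -> opcode sentences, skipping unusable samples."""
    corpus: Dict[str, List[str]] = {}
    for arch, disasm in samples.items():
        ops, bad = extract_opcodes(disasm)
        if disassembly_looks_usable(ops, bad, min_insns=min_insns):
            corpus[arch] = opcode_sentences(ops)
    return corpus


if __name__ == "__main__":
    samples = {"x86_64": SAMPLE_X86_64, "arm": SAMPLE_ARM, "mips": SAMPLE_MIPS}
    # min_insns lowered only because the constructed samples are tiny.
    for arch, sentences in build_corpus(samples, min_insns=5).items():
        print(arch, sentences)
```

The same extractor serves all three architectures because it relies on objdump's column layout rather than on any instruction set; what differs per architecture is only the disassembler invocation (for example `objdump -d` from the matching cross-binutils), which stays outside the model.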
Original language: English
Title of host publication: Proceedings - 2021 IEEE 20th International Conference on Trust, Security and Privacy in Computing and Communications, TrustCom 2021
Editors: Liang Zhao, Neeraj Kumar, Robert C. Hsu, Deqing Zou
Place of publication: Piscataway, NJ
Publisher: Institute of Electrical and Electronics Engineers (IEEE)
Pages: 927-934
Number of pages: 8
ISBN (Electronic): 9781665416580
Publication status: Published - 2021
Event: 20th IEEE International Conference on Trust, Security and Privacy in Computing and Communications, TrustCom 2021 - Shenyang, China
Duration: 20 Oct 2021 - 22 Oct 2021

Publication series

Name: IEEE International Conference on Trust Security and Privacy in Computing and Communications
Publisher: IEEE Computer Society
ISSN (Print): 2324-898X

Conference

Conference: 20th IEEE International Conference on Trust, Security and Privacy in Computing and Communications, TrustCom 2021
Country/Territory: China
City: Shenyang
Period: 20/10/21 - 22/10/21

Keywords

  • Malware Detection
  • Embedded Devices
  • IoT
  • Static Analysis
  • Deep Learning
