Deep Learning IoT Malware Analysis: Investigation and Understanding

Deep Learning IoT Malware Analysis: Investigation and Understanding

연구 분야: Safety

학회: Neural Computing and Applications

This empirical study explores the ability of lightweight convolutional neural networks (CNNs) for malware analysis in Internet of Things (IoT) environments, emphasizing the impact of input dimensionality and size on feature extraction quality. By converting malware binaries into 1D and 2D grayscale images, we systematically evaluate how varying input resolutions (e.g., 64 × 64 for 2D, 4096 for 1D) influence model performance, resource efficiency, and interpretability. Experiments on the Microsoft Malware Dataset (MMD) and IoT Malware Dataset (IMD) reveal that 1D CNN models outperform their 2D counterparts in accuracy, parameter efficiency, and training time, with gated recurrent unit (GRU) classifiers demonstrating superior performance across both dimensions. Post hoc visual interpretability techniques, including saliency maps and activation heatmaps, uncover critical feature patterns driving classification decisions, addressing the "black box" limitations of deep learning in cybersecurity. Our findings challenge the assumption that 2D models inherently excel in image-based tasks and provide actionable insights for designing resource-efficient IoT malware detection systems. By bridging the gap between model complexity and deployment feasibility, this work advances the application of explainable AI to protect IoT ecosystems against evolving cyber threats.