Wireless Personal Communications

, Volume 108, Issue 4, pp 2609–2629 | Cite as

Detection of Malicious Activities in Internet of Things Environment Based on Binary Visualization and Machine Intelligence

  • Hamad NaeemEmail author


Internet of Things (IoT) devices are increasingly deployed for different purposes such as data sensing, collecting and controlling. IoT improves user experiences by allowing a large number of smart devices to connect and share information. Many existing malware attacks, targeted at traditional computers connected to the Internet, may also be directed at IoT devices. Therefore, efficient protection at IoT devices could save millions of internet users from malicious activities. However, existing malware detection approaches suffer from high computational complexity. In this study, we propose a more accurate and fast model for detecting malware in the IoT environment. We introduce a Malware Threat Hunting System (MTHS) in the proposed model. MTHS first converts malware binary into a color image and then conducts the machine or deep learning analysis for efficient malware detection. We finally prepare a baseline to compare the performance of MTHS with traditional state-of-the-art malware detection approaches. We conduct experiments on two public datasets of Windows and Android software. The experimental results indicate that the response time and the detection accuracy of MTHS are better than those of previous machine learning and deep learning approaches.


Cyber security Color image Deep learning Internet of things Malware detection MTHS Machine learning Visualization 



  1. 1.
    Yilin, Y., Lifa, W., Zheng, H., & Kangyu, H. (2017). A risk classification based approach for android malware detection. KSII Transactions on Internet and Information Systems, 11(2), 959–981.Google Scholar
  2. 2.
    Asaf, S., Robert, M., Yuval, E., & Chanan, G. (2009). Detection of malicious code by applying machine learning classifiers on static features: A state-of-the-art survey. Information Security Technical Report, 14(1), 16–29.CrossRefGoogle Scholar
  3. 3.
    Manuel, E., Theodoor, S., Engin, K., & Christopher, K. (2012). A survey on automated dynamic malware-analysis techniques and tools. ACM Transaction, 44(2), 1–42.Google Scholar
  4. 4.
  5. 5.
    OllyDbg. Accessed 9 May 2019.
  6. 6.
    Ekta, G., Divya, B., & Sanjeev, S. (2014). Malware analysis and classification: A survey. Journal of Information Security, 5, 56–64.CrossRefGoogle Scholar
  7. 7.
    Moser, A., Kruegel, C., & Kirda, E. (2007). Limits of static analysis for malware detection. In Proceeding of 2007 conference on annual computer security applications, 421–430.Google Scholar
  8. 8.
    Eul, G. I., KyoungSoo, H., Jae, H. L., & Boojoong, K. (2014). Malware analysis using visualized images and entropy graphs. International Journal of Information Security, 14, 1–14.Google Scholar
  9. 9.
    KyoungSoo, H., Jae, H. L., Boojoong, K., & Eul, G. I. (2014). Malware analysis using visualized image matrices. The Scientific World Journal, 2014, 1–15.Google Scholar
  10. 10.
    Lakshman, N. S., Karthikeyan, G. J., & Manjunath, B. S. (2011). Malware images: Visualization and automatic classification, In Proceeding of 2011 ACM conference on visualization for cyber security, 1–4.Google Scholar
  11. 11.
    Ban, X., Chen, L., Hu, W., & Wu, Q. (2014). Malware variant detection using similarity search over content fingerprint, In Proceeding of 2014 IEEE conference on control and decision, 5334–5339.Google Scholar
  12. 12.
    Oliva, A., & Torralba, A. (2001). Modeling the shape of the scene: A holistic representation of the spatial envelope. International journal of computer vision, 42, 145–175.zbMATHCrossRefGoogle Scholar
  13. 13.
    Barath, N. N., Ouboti, D. B., & Temesguen, M. K. (2016). Pattern recognition algorithms for malware classification, In Proceeding of 2016 IEEE conference of aerospace and electronics, 338–342.Google Scholar
  14. 14.
    Kesav, K., John, D., & Srinivas, M. (2016). Packer identification using Byte plot and Markov plot. Journal of Computer Hacking Virology Techniques, 12(2), 101–111.CrossRefGoogle Scholar
  15. 15.
    Kesav, K., & Srinivas, M. (2013).Image visualization based malware detection, In Proceeding of 2013 IEEE conference on computational intelligence in cyber security, 40–44.Google Scholar
  16. 16.
    Bay, H., Ess, A., Tuytelaars, T., & Van, G. L. (2008). Computer vision and image understanding. Speeded-Up Robust Features (SURF), 110, 346–359.Google Scholar
  17. 17.
    Lowe, D. (1999). Object recognition from local scale-invariant features. ICCV, 99(2), 1150–1157.Google Scholar
  18. 18.
    Jae, H. L., KyoungSoo, H., & Eul, G. I., (2013). Malware analysis method using visualization of binary files In Proceeding of 2013 ACM conference on research in adaptive and convergent systems, 317–321.Google Scholar
  19. 19.
    Aziz, M., & Anita, P. (2017). Malware class recognition using image processing techniques, In Proceeding of 2017 IEEE conference on data management, analytics and innovation, 76–80.Google Scholar
  20. 20.
    Mahmoud, K., Mrigank, R., Noman, M., Neil, D. B., Yang, W., & Farkhund, I. (2018). Malware classification with deep convolutional neural networks, In Proceeding of 9th IFIP international conference on new technologies, mobility and security (NTMS), 1–5.Google Scholar
  21. 21.
    Rajesh, K., Zhang, X., Riaz, U. K., Ijaz, A., & Jay, K. (2018). Malicious code detection based on image processing using deep learning, In Proceeding of international conference on computing and artificial intelligence (ICCAI), 81–85.Google Scholar
  22. 22.
    Zhihua, C., Fei, X., Xingjuan, C., Yang, C., Gai-ge, W., & Jinjun, C. (2018). Detection of malicious code variants based on deep learning. IEEE Transactions on Industrial Informatics, 14(7), 3187–3196.CrossRefGoogle Scholar
  23. 23.
    Al-hawawreh, M., Moustafa, N., & Sitnikova, E. (2018). Identification of malicious activities in industrial internet of things based on deep learning models. Journal of Information Security and Applications, 41, 1–11.CrossRefGoogle Scholar
  24. 24.
    Fei-Fei, L., & Perona, P. (2005). A Bayesian hierarchical model for learning natural scene categories, In Proceedings of 2005 IEEE computer vision and pattern recognition, 524–531.Google Scholar
  25. 25.
    Hashemi, H., & Hamzeh, A. (2018). Visual Malware Detection Using Local Malicious Pattern. Journal of Computer Virology and Hacking Techniques, 15(1), 1–14.CrossRefGoogle Scholar
  26. 26.
    Tian, Q., & Zhang, S. (2009). Descriptive visual word sand visual phrases for image applications (pp. 19–24). France: ACM Multimedia.Google Scholar
  27. 27.
    Wu, J., & Yu, Z. (2016). Good practices for learning to recognize actions using FV and VLAD. IEEE Transaction on cybernetic, 46(12), 2978–2990.CrossRefGoogle Scholar
  28. 28.
    Ma, B., Su, Y., & Jurie, F. (2012). Local descriptors encoded by fisher vectors for person re-identification, In Proceedings of European conference on computer vision, 413–422.Google Scholar
  29. 29.
    Oliva, A., & Torralba, A. (2006). Building the gist of a scene: The role of global image features, progress in brain research, 15.Google Scholar
  30. 30.
    Hamad, N., Bing, G., Muhammad, R. N., Farhan, U., Hamzah, A., & Muhammad, S. J. (2019). Identification of malicious code variants based on image visualization. Computers & Electrical Engineering, 76, 225–237.CrossRefGoogle Scholar
  31. 31.
    Hamad, N., Bing, G., Muhammad, R. N., Muhammad, A., & Muhammad, S. J. (2017). A new approach for image detection based on refined Bag of Words algorithm. Optik - International Journal for Light and Electron Optics, 140, 823–832.CrossRefGoogle Scholar
  32. 32.
    Jorge, S., Florent, P., Thomas, M., & Jakob, V. (2013). Image classification with the fisher vector: Theory and practice. International Journal of Computer Vision, 105(3), 222–245.MathSciNetzbMATHCrossRefGoogle Scholar
  33. 33.
    Bouvrie, J. (2006). Notes on convolutional neural networks, technical notes.Google Scholar
  34. 34.
    Nitish, S., Geoffrey, H., Alex, K., Ilya, S., & Ruslan, S. (2014). Dropout: A simple way to prevent neural networks from over fitting. Journal of Machine Learning Research, 15(1), 1929–1958.MathSciNetzbMATHGoogle Scholar
  35. 35.
    Songqing, Y. (2017). Imbalanced malware images classification: A CNN based Approach. Cornell University Library, 1–6.Google Scholar
  36. 36.
    Abien, F. M., & Francis, J. H. P. (2017). Towards building an intelligent anti-malware system: A deep learning approach using support vector machine (SVM) for malware classification, Technical report, 1–5.Google Scholar
  37. 37.
    Zhihua, C., Lei, D., Penghong, W., Xingjuan, C., & Wensheng, Z. (2019). Malicious code detection based on CNNs and multi-objective algorithm, Journal of Parallel and Distributed Computing, 50–58.Google Scholar

Copyright information

© Springer Science+Business Media, LLC, part of Springer Nature 2019

Authors and Affiliations

  1. 1.College of Computer ScienceSichuan UniversityChengduChina

Personalised recommendations