Developing a Hybrid Model for Malware Detection Using Artificial Intelligence and the Internet of Things

Authors

  • Aseel Hamoud Hamza, University of Babylon
  • Rusul H. Altaie, College of Arts, University of Babylon

DOI:

https://doi.org/10.12928/biste.v8i3.15731

Keywords:

Artificial Intelligence, Behavioral Analysis, Hybrid Malware Detection, Internet of Things, Network Security

Abstract

The widespread adoption of Internet of Things (IoT) devices in smart homes, health care, and Industry 4.0 has brought new security challenges, especially given the growing complexity of malware and botnet threats. Conventional signature-based approaches are not always suitable for IoT deployments because of device diversity, resource constraints, and the rise of zero-day attacks. This research introduces a multi-faceted approach to malware detection that combines signature-based methods, anomaly detection, and machine learning for better accuracy and timely detection. Data was captured from an IoT testbed comprising smart cameras, sensors, and embedded devices. A dataset of 50,000 labeled network flow records was created with Wireshark and Snort and preprocessed, and features were then extracted. A Random Forest classifier was developed and combined with YARA-based signature matching and Z-score behavioral analysis to create a hybrid detection system. The model was tested on a 7,500-sample test set, as well as in a 48-hour real-time IoT deployment trial. The testing results show that the proposed hybrid system has an accuracy of 97.4%, precision of 95.6%, recall of 96.8%, and an F1-score of 96.2%, with a false positive rate of 2.3%. The real-time test achieved a 97% detection rate with an average decision time of 0.85 seconds. The system also achieved 92.1% accuracy under adversarial attacks using modified and new malicious samples. These results demonstrate that hybrid approaches using machine learning, signature analysis, and behavioral analysis are effective in improving IoT malware detection. Our hybrid approach offers a lightweight, scalable, and effective solution for IoT devices with limited computational power, and remains robust against emerging threats.
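The following check is an added example, not code from the paper: it recovers the confusion matrix implied by the reported precision, recall and false positive rate, then cross-checks the reported accuracy and F1-score against it. It assumes all of those figures refer to the 7,500-sample test set with malware as the positive class; the function names are hypothetical, and `precision_at_prevalence` goes beyond the abstract to show how precision changes when malicious flows are rarer than in the test set.

```python
# Figures as reported in the abstract (7,500-sample test set).
N = 7500
ACCURACY, PRECISION, RECALL, F1, FPR = 0.974, 0.956, 0.968, 0.962, 0.023

def f1_from(precision, recall):
    """Harmonic mean of precision and recall."""
    return 2 * precision * recall / (precision + recall)

def implied_confusion(n, precision, recall, fpr):
    """Solve for TP/FN/FP/TN from precision, recall, FPR and sample count.

    With P malicious and Neg benign samples: TP = recall*P, FP = fpr*Neg,
    precision = TP/(TP+FP), P + Neg = n, which gives
    P/Neg = precision*fpr / (recall*(1 - precision)).
    """
    ratio = precision * fpr / (recall * (1 - precision))
    neg = n / (1 + ratio)
    pos = n - neg
    tp, fp = recall * pos, fpr * neg
    return {"TP": tp, "FN": pos - tp, "FP": fp, "TN": neg - fp}

def accuracy_from(cm):
    return (cm["TP"] + cm["TN"]) / sum(cm.values())

def check_reported(tol=0.0015):
    """Compare the reported accuracy and F1 with the values the other metrics imply."""
    cm = implied_confusion(N, PRECISION, RECALL, FPR)
    return {
        "confusion": {k: round(v) for k, v in cm.items()},
        "malicious_share": (cm["TP"] + cm["FN"]) / N,
        "f1_consistent": abs(f1_from(PRECISION, RECALL) - F1) <= tol,
        "accuracy_consistent": abs(accuracy_from(cm) - ACCURACY) <= tol,
    }

def precision_at_prevalence(prevalence, recall=RECALL, fpr=FPR):
    """Precision the same recall/FPR would yield at a different malicious share.

    Assumption: recall and FPR carry over unchanged to the new traffic mix.
    """
    tp = recall * prevalence
    fp = fpr * (1 - prevalence)
    return tp / (tp + fp)

if __name__ == "__main__":
    print(check_reported())
    print(f"precision at 1% malicious traffic: {precision_at_prevalence(0.01):.3f}")
```

The reported metrics are mutually consistent and imply a test set in which roughly a third of the flows are malicious; at a much lower malicious share the same false positive rate produces proportionally more false alerts per true detection.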

Published

2026-06-23

How to Cite

[1]
A. H. Hamza and R. H. Altaie, “Developing a Hybrid Model for Malware Detection Using Artificial Intelligence and the Internet of Things”, Buletin Ilmiah Sarjana Teknik Elektro, vol. 8, no. 3, pp. 855–867, Jun. 2026.

Section

Article