CAIMP: Cross-Architecture IoT Malware Detection and Prediction Based On Static Feature

IoT malware and cross-platform malware are currently the top threats to information systems. This paper proposes a robust cross-architecture IoT malware detection and prediction model based on machine learning and opcode features using a novel approach. In our method, a feature opcode transformation model between chip architecture platforms is proposed to facilitate the process of building a detection model for cross-architecture malware on IoT devices. The feature transformation model is capable of converting opcodes between different architecture platforms using an unsupervised machine learning approach. In our approach, a machine learning model is used for the detection of cross-platform malware based on the proposed opcode features. Experiments have demonstrated that our method is effective in detecting and predicting cross-platform malware with an accuracy of up to 99.4% and an F1-score of 99.3%. The method is capable of learning on one architecture platform and detecting malware on a different architecture platform. Therefore, the method can be used to develop cross-architecture detection and zero-day malware prediction solutions on IoT devices. © The British Computer Society 2024. All rights reserved.