Harnessing the Power and Simplicity of Decision Trees to Detect IoT Malware

DOI: 10.4018/979-8-3693-1634-4.ch013

Abstract

Due to its simple installation and connectivity, the internet of things (IoT) is susceptible to malware attacks. As IoT devices have become more prevalent, they have become the most tempting targets for malware. In this chapter, the authors propose a novel detection and analysis method that harnesses the power and simplicity of decision trees. The experiments are conducted using a real-world dataset, MaleVis, which is publicly available. Based on the results, the authors show that the proposed approach outperforms existing state-of-the-art solutions: in terms of detection and classification, it achieves 97.23% precision and 95.89% recall, along with a specificity of 96.58%, an F1-score of 96.40%, an accuracy of 96.43%, and an average processing time per malware classification of 789 ms.

Introduction

An intrusion refers to an effort made to compromise security objectives by infecting a system. Consequently, numerous tools and techniques have been devised to safeguard networks and systems against intrusions, including detection systems (Chiba, 2019; Irshad, 2020). Intrusion detection encompasses techniques that classify data activity as either normal or intrusive (Omar, 2022; Irshad, 2019; Chaudry, 2020) in order to identify undesirable activities. An intrusion detection system (IDS) serves the purpose of identifying intruders and preventing them from accessing a monitored network, whether they come from external or internal sources. Typically, two methods of detection are employed for this purpose: misuse detection identifies intrusions by utilizing known attack signatures, while anomaly detection relies on deviations from a normal model (Guezzaz, 2021). Hybrid detection approaches combine both misuse detection and anomaly detection, aiming to enhance the detection rate and accuracy of IDS (Omar, 2023).

Although IDSs are efficient, they have various limitations in areas such as real-time detection, alarm generation, and data accuracy, which can result in suboptimal detection outcomes. Consequently, intrusion detection continues to be a significant and evolving field of research. The integration of machine learning (ML) methods has been explored to enhance intrusion detection and reinforce computer security. Several studies have examined the use of machine learning techniques to improve data quality and training, thereby enhancing the performance of intrusion detection (Fernandes, 2019; Kheraisat, 2019; Omar, 2021). Decision trees have been employed in numerous scenarios for classification purposes, with individual features being tested independently. Following each branch split, a single classification is assigned to it (Cavos, 2019; Jeong, 2016). Decision trees provide a better representation of the training set and are capable of predicting values for instances beyond the training set. The decision tree constructed by the widely known algorithms ID3 and C4.5 is guaranteed to correspond to the data provided to these algorithms.

However, data is not always gathered in a structured manner, and unstructured data must undergo preprocessing before it can be analyzed. Additionally, selecting relevant features is a crucial step in reducing computational costs associated with modeling and enhancing the performance of predictive models (Masdarri, 2020; Alazzam, 2020).
