Title: Deep learning based XIoT malware analysis: A comprehensive survey, taxonomy, and research challenges
Authors: Rami Darwish, Mahmoud Abdelsalam, Sajad Khorsandroo
Journal: Journal of Network and Computer Applications, volume 242, Article 104258
Publication date: 2025-06-28
Publication type: Journal Article
DOI: 10.1016/j.jnca.2025.104258
URL: https://www.sciencedirect.com/science/article/pii/S1084804525001559
Impact factor: 7.7
JCR: Q1 (COMPUTER SCIENCE, HARDWARE & ARCHITECTURE)
Open access: no
Citation count: 0
Abstract
The Internet of Things (IoT) and its broader ecosystem, known as the Extended Internet of Things (XIoT), encompass various domains, including Industrial IoT (IIoT), Internet of Medical Things (IoMT), Internet of Vehicles (IoV), and Internet of Battlefield Things (IoBT). This interconnected ecosystem enhances automation and intelligence across industries while also increasing exposure to sophisticated malware threats. Traditional malware detection methods, such as signature-based and heuristic-based techniques, often fail to address evolving threats due to their limited ability to detect complex and dynamic behaviors. In response, deep learning has emerged as a transformative solution offering advanced capabilities for recognizing complex and dynamic malware behaviors. This paper presents a comprehensive survey of deep learning-based malware detection techniques across XIoT domains and introduces a novel cross-domain taxonomy that organizes existing work according to XIoT domains, operating systems, extracted features, and deep learning models. We critically examine state-of-the-art methods, analyzing their strengths, technical limitations, model complexity, and deployment feasibility. Furthermore, we identify significant research gaps and propose future directions to address key challenges, including dataset scarcity, computational overhead, and the lack of standardized cross-domain evaluation. This survey aims to serve as a foundational resource for advancing cybersecurity solutions within the rapidly expanding XIoT landscape.
About the journal:
The Journal of Network and Computer Applications welcomes research contributions, surveys, and notes in all areas relating to computer networks and applications thereof. Sample topics include new design techniques, interesting or novel applications, components or standards; computer networks with tools such as WWW; emerging standards for internet protocols; Wireless networks; Mobile Computing; emerging computing models such as cloud computing, grid computing; applications of networked systems for remote collaboration and telemedicine, etc. The journal is abstracted and indexed in Scopus, Engineering Index, Web of Science, Science Citation Index Expanded and INSPEC.