Chengrun He;Honghui Fan;Lihua Yin;Haonan Yan;Xi Luo;Hui Li;Bin Wang
Journal: IEEE Internet of Things Journal, vol. 12, no. 14, pp. 27181-27192
Published: 2025-04-17
DOI: 10.1109/JIOT.2025.3561847
URL: https://ieeexplore.ieee.org/document/10967385/
MalAE: A Feature-Optimized and Autoencoder Ensemble-Based Method for IoT Malware Classification
In the landscape of the Internet of Things (IoT), the rapid evolution and diverse obfuscation tactics of malware render it challenging to detect and identify effectively, posing significant threats to network security. Signature or heuristic methods rely on fixed feature recognition, making it challenging to handle new variants. Recent research has proposed deep learning techniques that utilize static analysis of bytes and images or dynamic analysis of APIs. However, these methods are effective only on samples from the same platform or lead to a dimensional explosion due to excessive irrelevant obfuscation, rendering them inadequate for managing complex cross-platform malware. In this work, we propose a novel lightweight cross-platform malware classification system called MalAE. This system employs a global-local particle swarm optimization algorithm to mine frequent features, adaptively identifying distinct family characteristics and efficiently recognizing variants. An ensemble of autoencoders integrates comprehensive file features and cross-platform basic block features from various perspectives and feature spaces, compressing high-dimensional data into a low-dimensional latent space. This approach preserves essential information, captures nonlinear complex relationships, and facilitates the rapid classification of intricate cross-platform samples. Evaluations conducted on two different datasets demonstrate that MalAE reduces the original feature dimensions by approximately 70% while also enhancing accuracy. Compared to state-of-the-art methods, MalAE achieves superior results, attaining an accuracy of 97.72%.
About the journal:
The IEEE Internet of Things (IoT) Journal publishes articles and review articles covering various aspects of IoT, including IoT system architecture, IoT enabling technologies, IoT communication and networking protocols such as network coding, and IoT services and applications. Topics encompass IoT's impacts on sensor technologies, big data management, and future internet design for applications like smart cities and smart homes. Fields of interest include IoT architecture such as things-centric, data-centric, service-oriented IoT architecture; IoT enabling technologies and systematic integration such as sensor technologies, big sensor data management, and future Internet design for IoT; IoT services, applications, and test-beds such as IoT service middleware, IoT application programming interface (API), IoT application design, and IoT trials/experiments; IoT standardization activities and technology development in different standard development organizations (SDO) such as IEEE, IETF, ITU, 3GPP, ETSI, etc.