HCL-Classifier: CNN and LSTM based hybrid malware classifier for Internet of Things (IoT)

This paper highlights a hybrid static classifier based on CNN and bidirectional LSTM for Malware classification tasks in the IoT. Our approach learns and takes note of the nature and complex patterns of the Byte and Assembly files represented in one-dimensional images to enable better feature extraction, and does not require any expertise. CNN is used for automatic feature selection and extraction. In addition, the extracted features are forwarded to the bidirectional LSTM for classification. Extensive experiments were conducted with the Microsoft Malware classification dataset and the IoT Malware dataset. The experimental results show that our HCL-Classifier achieves an average of 99.91% and 99.83%, respectively, outperforming traditional single-input state-of-the-art works. Moreover, the least performed classifier among the baseline models used in this work, such as Random Forest, achieved 97.66% accuracy. We attribute this to the nature of our 1D image representation. This study also discovered that the different files in the dataset contain specific features that differ from file to file, which we demonstrated visually and through experiments.