The rapid proliferation of Internet of Things (IoT) devices in smart healthcare, industrial automation, and smart city applications has significantly increased the vulnerability of IoT ecosystems to cyberattacks. Malware attacks targeting resource-constrained IoT devices pose serious threats, including data breaches, service disruption, and large-scale botnet formation. Traditional cybersecurity mechanisms, such as signature-based intrusion detection systems, are inadequate in detecting zero-day and evolving malware. To address these challenges, this study presents a comprehensive comparative analysis of malware detection approaches in IoT devices using machine learning techniques. A synthetic IoT malware dataset is generated to simulate realistic network traffic and device behavior. Multiple cybersecurity approaches, including classical machine learning models, deep learning architectures, and a hybrid CNN–LSTM framework, are implemented and evaluated. The models are assessed using performance metrics such as accuracy, precision, recall, F1-score, and detection latency. Experimental results demonstrate that deep learning models outperform traditional approaches, with the hybrid CNN–LSTM model achieving the highest detection accuracy and balanced performance. The findings highlight the effectiveness of hybrid learning architectures for real-time IoT malware detection and provide insights into deploying intelligent cybersecurity solutions in resource-constrained environments.
Introduction
The rapid growth of the Internet of Things (IoT) has enabled applications in smart healthcare, smart cities, industrial automation, and intelligent transportation, but it has also introduced significant cybersecurity risks due to heterogeneous architectures, resource constraints, and a lack of standardized security protocols. Malware (such as botnets, ransomware, spyware, worms, and trojans) poses a major threat, potentially compromising devices, stealing sensitive data, and facilitating large-scale attacks like DDoS. Traditional security mechanisms, including firewalls and signature-based intrusion detection systems (IDS), are ineffective against zero-day, polymorphic, and evolving attacks.
Recent research emphasizes the use of machine learning (ML), deep learning (DL), and hybrid approaches for IoT malware detection. Classical ML models like Random Forest and SVM can detect device-specific anomalous behavior, while DL models, including CNNs and LSTMs, capture spatial and temporal patterns in malware activity. Hybrid CNN–LSTM architectures combine spatial and temporal learning to improve detection accuracy and robustness. Explainable AI (XAI) is increasingly important to improve trust in these models. Edge computing is highlighted for reducing latency and enabling real-time malware detection.
Despite advances, several research gaps remain: limited comparative studies of traditional, ML, DL, and hybrid approaches; insufficient attention to deployment feasibility on resource-constrained devices; inadequate focus on temporal attack patterns; scarcity of reproducible datasets; and lack of evaluation metrics beyond accuracy, such as detection latency and false positives.
This study addresses these gaps by:
Modeling realistic IoT environments and simulating malware attack scenarios.
Using synthetic IoT malware datasets that mimic real-world traffic for reproducibility.
Evaluating traditional, ML, DL, and hybrid detection approaches, including CNN–LSTM models.
Considering edge-cloud deployment for practical real-time implementation.
The overarching goal is to identify an efficient, accurate, and practical malware detection framework that balances detection performance and computational feasibility for IoT networks.
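The gap noted above about evaluation metrics beyond accuracy can be made concrete with a small harness. This is an added example, not code or data from the study: the flow fields, tags, signature set and thresholds are all constructed for illustration, and the threshold rule only stands in for a trained model's decision.

```python
import time

# Constructed flows (not the study's dataset):
# (tag, packets_per_sec, distinct_dst_ports, label), label 1 = malware.
FLOWS = (
    [("telemetry", 4, 1, 0)] * 90          # benign sensor traffic
    + [("fw-update", 40, 2, 0)] * 4        # benign but bursty
    + [("known-bot-a", 300, 60, 1)] * 3    # variant present in the signature set
    + [("unseen-bot-x", 280, 55, 1)] * 3   # variant absent from the signature set
)
KNOWN_SIGNATURES = {"known-bot-a"}

def signature_detector(flow):
    """Flags only traffic whose tag matches a stored signature."""
    return flow[0] in KNOWN_SIGNATURES

def behaviour_detector(flow, pps_limit=30, port_limit=10):
    """Hypothetical thresholds standing in for a trained model's decision."""
    return flow[1] > pps_limit or flow[2] > port_limit

def _ratio(num, den):
    return num / den if den else 0.0  # avoid division by zero on empty classes

def evaluate(detector, flows):
    """Confusion-matrix metrics plus mean wall-clock time per flow for the loop."""
    tp = fp = tn = fn = 0
    start = time.perf_counter()
    for flow in flows:
        pred, truth = bool(detector(flow)), bool(flow[3])
        if pred and truth:
            tp += 1
        elif pred:
            fp += 1
        elif truth:
            fn += 1
        else:
            tn += 1
    elapsed = time.perf_counter() - start
    precision, recall = _ratio(tp, tp + fp), _ratio(tp, tp + fn)
    return {
        "accuracy": _ratio(tp + tn, len(flows)),
        "precision": precision,
        "recall": recall,
        "f1": _ratio(2 * precision * recall, precision + recall),
        "false_positive_rate": _ratio(fp, fp + tn),
        "latency_us_per_flow": _ratio(elapsed * 1e6, len(flows)),
    }

if __name__ == "__main__":
    for name, det in (("signature", signature_detector), ("behaviour", behaviour_detector)):
        print(name, {k: round(v, 4) for k, v in evaluate(det, FLOWS).items()})
```

On this constructed set the signature detector scores the higher accuracy while missing every flow of the unseen variant, and the behavioural rule catches all malware at the cost of false alarms on the bursty benign traffic, which is why recall and false positive rate are reported alongside accuracy.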
Conclusion
This study presented a comprehensive comparative analysis of cybersecurity approaches for malware detection in Internet of Things (IoT) devices using machine learning techniques. Traditional signature-based intrusion detection systems, classical machine learning models, deep learning architectures, and hybrid learning frameworks were evaluated using a synthetic dataset that realistically represents IoT traffic and malware behavior. The results clearly indicate that conventional security mechanisms are insufficient for detecting modern and evolving IoT malware, particularly zero-day and polymorphic attacks.
The experimental findings demonstrate that machine learning-based approaches significantly enhance detection performance, with deep learning models outperforming classical algorithms due to their ability to automatically learn complex feature representations. Among all evaluated models, the hybrid CNN–LSTM architecture achieved the highest accuracy, precision, recall, and F1-score while maintaining acceptable detection latency. This highlights the importance of integrating spatial feature extraction with temporal sequence learning to effectively capture sophisticated malware patterns in IoT environments.
Furthermore, the comparative analysis underscores the necessity of balancing detection accuracy with computational efficiency, especially for deployment in resource-constrained IoT systems. The study confirms that edge-enabled intelligent security solutions can provide real-time protection while reducing response time and network overhead. Overall, the proposed comparative framework offers valuable insights into selecting suitable machine learning models for IoT malware detection and contributes to the development of robust, adaptive, and scalable cybersecurity solutions for future IoT ecosystems.