Benchmarking Machine Learning Models for IoT Malware Detection under Data Scarcity and Drift

• URL: http://arxiv.org/abs/2601.18736v1
• Date: Mon, 26 Jan 2026 17:59:33 GMT
• Title: Benchmarking Machine Learning Models for IoT Malware Detection under Data Scarcity and Drift
• Authors: Jake Lyon, Ehsan Saeedizade, Shamik Sengupta,
• Abstract summary: Internet of Things (IoT) devices are prime targets for cyberattacks and malware applications.<n>Machine learning (ML) offers a promising approach to automated malware detection and classification.<n>This study investigates the effectiveness of four supervised learning models for malware detection and classification.
• Score: 0.5735035463793007
• License: http://arxiv.org/licenses/nonexclusive-distrib/1.0/
• Abstract: The rapid expansion of the Internet of Things (IoT) in domains such as smart cities, transportation, and industrial systems has heightened the urgency of addressing their security vulnerabilities. IoT devices often operate under limited computational resources, lack robust physical safeguards, and are deployed in heterogeneous and dynamic networks, making them prime targets for cyberattacks and malware applications. Machine learning (ML) offers a promising approach to automated malware detection and classification, but practical deployment requires models that are both effective and lightweight. The goal of this study is to investigate the effectiveness of four supervised learning models (Random Forest, LightGBM, Logistic Regression, and a Multi-Layer Perceptron) for malware detection and classification using the IoT-23 dataset. We evaluate model performance in both binary and multiclass classification tasks, assess sensitivity to training data volume, and analyze temporal robustness to simulate deployment in evolving threat landscapes. Our results show that tree-based models achieve high accuracy and generalization, even with limited training data, while performance deteriorates over time as malware diversity increases. These findings underscore the importance of adaptive, resource-efficient ML models for securing IoT systems in real-world environments.

Related papers

• Unknown Attack Detection in IoT Networks using Large Language Models: A Robust, Data-efficient Approach [5.0363184281919215]
  Existing machine learning approaches rely on large labeled datasets, payload inspection, or closed-set classification.<n>We propose SiamXBERT, a robust and data-efficient Siamese meta-learning framework empowered by a transformer-based language model for unknown attack detection.<n>We show that SiamXBERT consistently outperforms state-of-the-art baselines under both within-dataset and cross-dataset settings.
  arXiv  Detail & Related papers  (2026-02-12T17:15:39Z)
• Multi-Agent Collaborative Intrusion Detection for Low-Altitude Economy IoT: An LLM-Enhanced Agentic AI Framework [60.72591149679355]
  The rapid expansion of low-altitude economy Internet of Things (LAE-IoT) networks has created unprecedented security challenges.<n>Traditional intrusion detection systems fail to tackle the unique characteristics of aerial IoT environments.<n>We introduce a large language model (LLM)-enabled agentic AI framework for enhancing intrusion detection in LAE-IoT networks.
  arXiv  Detail & Related papers  (2026-01-25T12:47:25Z)
• Out-of-Distribution Detection for Continual Learning: Design Principles and Benchmarking [44.75780122845172]
  Recent years have witnessed significant progress in the development of machine learning models across a wide range of fields.<n>As these models are deployed in ever-changing real-world scenarios, their ability to remain reliable and adaptive over time becomes increasingly important.
  arXiv  Detail & Related papers  (2025-12-16T22:50:01Z)
• LSM-2: Learning from Incomplete Wearable Sensor Data [65.58595667477505]
  This paper introduces the second generation of Large Sensor Model (LSM-2) with Adaptive and Inherited Masking (AIM)<n>AIM learns robust representations directly from incomplete data without requiring explicit imputation.<n>Our LSM-2 with AIM achieves the best performance across a diverse range of tasks, including classification, regression and generative modeling.
  arXiv  Detail & Related papers  (2025-06-05T17:57:11Z)
• Constrained Network Adversarial Attacks: Validity, Robustness, and Transferability [0.0]
  Research reveals a critical flaw in existing adversarial attack methodologies.<n>We show that the frequent violation of domain-specific constraints, inherent to IoT and network traffic, leads to up to 80.3% of adversarial examples being invalid.<n>This work underscores the importance of considering both domain constraints and model architecture when evaluating and designing robust ML/DL models for security-critical IoT and network applications.
  arXiv  Detail & Related papers  (2025-05-02T15:01:42Z)
• Enhancing IoT-Botnet Detection using Variational Auto-encoder and Cost-Sensitive Learning: A Deep Learning Approach for Imbalanced Datasets [0.0]
  The work in this study leveraged Variational Auto-encoder (VAE) and cost-sensitive learning to develop models for IoT-botnet detection.<n>The aim is to enhance the detection of minority class attack traffic instances which are often missed by machine learning models.
  arXiv  Detail & Related papers  (2025-04-26T02:04:30Z)
• MULTI-LF: A Unified Continuous Learning Framework for Real-Time DDoS Detection in Multi-Environment Networks [1.5922526181364094]
  Existing AI-based detection systems struggle to adapt to new attack strategies and lack real-time attack detection capabilities.<n>This study proposes an online, continuous learning methodology for DDoS detection in M-En networks.
  arXiv  Detail & Related papers  (2025-04-15T19:44:53Z)
• AutoML for Multi-Class Anomaly Compensation of Sensor Drift [44.63945828405864]
  Sensor drift degrades the performance of machine learning models over time.<n>Standard cross-validation method overestimates performance by inadequately accounting for drift.<n>This paper presents two solutions: (1) a novel sensor drift compensation learning paradigm for validating models, and (2) automated machine learning (AutoML) techniques to enhance classification performance and compensate sensor drift.
  arXiv  Detail & Related papers  (2025-02-26T14:34:53Z)
• Lightweight CNN-BiLSTM based Intrusion Detection Systems for Resource-Constrained IoT Devices [38.16309790239142]
  Intrusion Detection Systems (IDSs) have played a significant role in detecting and preventing cyber-attacks within traditional computing systems. The limited computational resources available on Internet of Things (IoT) devices make it challenging to deploy conventional computing-based IDSs. We propose a hybrid CNN architecture composed of a lightweight CNN and bidirectional LSTM (BiLSTM) to enhance the performance of IDS on the UNSW-NB15 dataset.
  arXiv  Detail & Related papers  (2024-06-04T20:36:21Z)
• Leveraging LSTM and GAN for Modern Malware Detection [0.4799822253865054]
  This paper proposes the utilization of the Deep Learning Model, LSTM networks, and GAN classifiers to amplify malware detection accuracy and speed. The research outcomes come out with 98% accuracy that shows the efficiency of deep learning plays a decisive role in proactive cybersecurity defense.
  arXiv  Detail & Related papers  (2024-05-07T14:57:24Z)
• Optimization of Lightweight Malware Detection Models For AIoT Devices [2.4947404267499587]
  Malware intrusion is a problem for Internet of Things (IoT) and Artificial Intelligence of Things (AIoT) devices. This research aims to optimize the proposed super learner meta-learning ensemble model to make it viable for low-end AIoT devices.
  arXiv  Detail & Related papers  (2024-04-06T09:30:38Z)
• Effective Intrusion Detection in Heterogeneous Internet-of-Things Networks via Ensemble Knowledge Distillation-based Federated Learning [52.6706505729803]
  We introduce Federated Learning (FL) to collaboratively train a decentralized shared model of Intrusion Detection Systems (IDS) FLEKD enables a more flexible aggregation method than conventional model fusion techniques. Experiment results show that the proposed approach outperforms local training and traditional FL in terms of both speed and performance.
  arXiv  Detail & Related papers  (2024-01-22T14:16:37Z)
• Robustness and Generalization Performance of Deep Learning Models on Cyber-Physical Systems: A Comparative Study [71.84852429039881]
  Investigation focuses on the models' ability to handle a range of perturbations, such as sensor faults and noise. We test the generalization and transfer learning capabilities of these models by exposing them to out-of-distribution (OOD) samples.
  arXiv  Detail & Related papers  (2023-06-13T12:43:59Z)
• Improving robustness of jet tagging algorithms with adversarial training [56.79800815519762]
  We investigate the vulnerability of flavor tagging algorithms via application of adversarial attacks. We present an adversarial training strategy that mitigates the impact of such simulated attacks.
  arXiv  Detail & Related papers  (2022-03-25T19:57:19Z)

This list is automatically generated from the titles and abstracts of the papers in this site.

This site does not guarantee the quality of this site (including all information) and is not responsible for any consequences.