Benchmarking Machine Learning Models for IoT Malware Detection under Data Scarcity and Drift
Jake Lyon, Ehsan Saeedizade, Shamik Sengupta

TL;DR
This paper evaluates the effectiveness of four supervised machine learning models for IoT malware detection, emphasizing their performance under data scarcity and evolving threats, and highlights the importance of adaptive, resource-efficient models for IoT security.
Contribution
It provides a comprehensive benchmarking of ML models on IoT malware detection, analyzing their robustness to data scarcity and temporal changes, which is novel in this context.
Findings
Tree-based models perform well with limited data.
Model accuracy decreases over time as malware evolves.
Resource-efficient models are crucial for IoT security.
Abstract
The rapid expansion of the Internet of Things (IoT) in domains such as smart cities, transportation, and industrial systems has heightened the urgency of addressing their security vulnerabilities. IoT devices often operate under limited computational resources, lack robust physical safeguards, and are deployed in heterogeneous and dynamic networks, making them prime targets for cyberattacks and malware applications. Machine learning (ML) offers a promising approach to automated malware detection and classification, but practical deployment requires models that are both effective and lightweight. The goal of this study is to investigate the effectiveness of four supervised learning models (Random Forest, LightGBM, Logistic Regression, and a Multi-Layer Perceptron) for malware detection and classification using the IoT-23 dataset. We evaluate model performance in both binary and…
Taxonomy
Topics: Advanced Malware Detection Techniques · Network Security and Intrusion Detection · Anomaly Detection Techniques and Applications
