Table of Contents Author Guidelines Submit a Manuscript
Mathematical Problems in Engineering
Volume 2019, Article ID 8195395, 10 pages
Research Article

Malware Detection Based on Deep Learning of Behavior Graphs

Fei Xiao,1,2,3 Zhaowen Lin,1,2,3 Yi Sun,2,3,4 and Yan Ma1

1Network and Information Center, Institute of Network Technology, Beijing University of Posts and Telecommunications, Beijing, 100876, China
2Science and Technology on Information Transmission and Dissemination in Communication Networks Laboratory, Shijiazhuang, 050081, China
3National Engineering Laboratory for Mobile Network Security, Beijing University of Posts and Telecommunications, Beijing, 100876, China
4Network and Information Center, Institute of Network Technology/Institute of Sensing Technology and Business, Beijing University of Posts and Communications, Beijing, 100000, China

Correspondence should be addressed to Yi Sun; nc.ude.tpub@tpubys

Received 26 October 2018; Revised 15 January 2019; Accepted 21 January 2019; Published 11 February 2019

Academic Editor: Luis Martínez

Copyright © 2019 Fei Xiao et al. This is an open access article distributed under the Creative Commons Attribution License, which permits unrestricted use, distribution, and reproduction in any medium, provided the original work is properly cited.


The Internet of Things (IoT) provides various benefits, which makes smart device even closer. With more and more smart devices in IoT, security is not a one-device affair. Many attacks targeted at traditional computers in IoT environment may also aim at other IoT devices. In this paper, we consider an approach to protect IoT devices from being attacked by local computers. In response to this issue, we propose a novel behavior-based deep learning framework (BDLF) which is built in cloud platform for detecting malware in IoT environment. In the proposed BDLF, we first construct behavior graphs to provide efficient information of malware behaviors using extracted API calls. We then use a neural network-Stacked AutoEncoders (SAEs) for extracting high-level features from behavior graphs. The layers of SAEs are inserted one after another and the last layer is connected to some added classifiers. The architecture of the SAEs is 6,000-2,000-500. The experiment results demonstrate that the proposed BDLF can learn the semantics of higher-level malicious behaviors from behavior graphs and further increase the average detection precision by 1.5%.