Article

Intelligent Mirai Malware Detection for IoT Nodes

Tarun Ganesh Palla and Shahab Tayeb *

Department of Electrical and Computer Engineering, California State University, Fresno, CA 93740, USA; tarunpalla@mail.fresnostate.edu
* Correspondence: tayeb@csufresno.edu

Citation: Palla, T.G.; Tayeb, S. Intelligent Mirai Malware Detection for IoT Nodes. Electronics 2021, 10, 1241. https://doi.org/10.3390/electronics10111241

Academic Editor: Taeshik Shon
Received: 27 April 2021; Accepted: 19 May 2021; Published: 24 May 2021

Copyright: © 2021 by the authors. Licensee MDPI, Basel, Switzerland. This article is an open access article distributed under the terms and conditions of the Creative Commons Attribution (CC BY) license (https://creativecommons.org/licenses/by/4.0/).

Abstract: The advancement in recent IoT devices has led to catastrophic attacks on the devices, resulting in breaches of user privacy and exhausting the resources of various organizations, so that users and organizations expend increased time and money. One such harmful malware is Mirai, which has gained worldwide recognition through its impact on the digital world. There are several ways to detect Mirai, but the Machine Learning approach has proved to be accurate and reliable in detecting malware. In this research, a novel approach to detecting Mirai using a Machine Learning algorithm is proposed and implemented in Matlab and Python. To evaluate the proposed approaches, Mirai and Benign datasets are considered, and training is performed on a dataset comprising a Training set, a Cross-Validation set and a Test set, using an Artificial Neural Network (ANN) consisting of neurons in the hidden layer, which provides consistent accuracy, precision, recall and F-1 score.
In this research, an appropriate number of hidden layers and neurons is chosen to avoid the problem of overfitting. This research provides a comparative analysis between ANN and Random Forest models on the dataset formed by merging the Mirai and benign datasets for Mirai malware detection pertaining to seven IoT devices. The dataset used in this research is the “N-BaIoT” dataset, which represents data in the features infected by Mirai malware. The results are found to be accurate and reliable, as the best performance was achieved with an accuracy of 92.8%, a False Negative rate of 0.3% and an F-1 score of 0.99. The expected outcomes of this project include major findings towards cost-effective learning solutions for detecting Mirai malware strains.

Keywords: Mirai; artificial neural network; random forest; IoT

1. Introduction

Securing IoT nodes is a primary and important aspect, as the evolution of security advancements has led to the development of attacks on smart devices. The widespread adoption of IoT solutions has impacted our daily lives in ways not previously possible. Such an impact has brought along various integrated cyber threats to our society. Mirai malware has been in the limelight since September 2016, when a malware research group, “Malware Must Die”, found a malware type which has been used to launch malicious and catastrophic DDoS attacks [1]. DDoS is a type of cyber-attack in which the flooding caused by incoming traffic comes from multiple sources. It is similar to the DoS attack, but in DoS the attack is initiated from a single source, whereas in the DDoS attack it is initiated from multiple sources (computers) [2]. Since then, Mirai has impacted the digital world by making IoT devices vulnerable to the malware, and the infected devices consequently operated with an unexpected increase in bandwidth and performed slowly.
Mirai (from the Japanese word meaning “future”) creates a malicious botnet, whereby a single internet-connected device is initially compromised and then infects other devices in the network, forming a large-scale network attack. Due to the increase in the deployment of IoT devices, there is an increased risk of large-scale DDoS attacks, and with the advancement of current technology, there would be more harmful attacks in the future if the issue is not addressed fundamentally. As a result of this, several multi-national companies have been the victims of Mirai malware,