2019 6th NAFOSTED Conference on Information and Computer Science (NICS)

Intrusion Detection in IoT Systems Based on Deep

Learning Using Convolutional Neural Network
Pham Van Huong Le Duc Thuan Le Thi Hong Van Dang Viet Hung
Information Technology Hanoi University of Science and Information Technology Information Technology
Academy of Cryptography Technology, Information Academy of Cryptography Academy of Cryptography
Techniques Technology Techniques Techniques
Hanoi, Vietnam Academy of Cryptography Hanoi, Vietnam Hanoi, Vietnam
[email protected] Techniques [email protected] [email protected]
Hanoi, Vietnam
[email protected]

Abstract— Internet of Things (IoT) and the fourth Industrial has been successfully applied in object classification, natural
Revolution are key developmental trends of today’s technology. language processing, and malware detection. Therefore, this
With a variety of devices, environments, and communication paper proposes and develops the IoT intrusion detection
protocols, IoT systems are at increased risks of insecurity and method based on CNN. This paper also provides a method of
vulnerability. Therefore, an effective intrusion detection method, improving the feature set based on suitability. The rest of the
which suits IoT systems, is necessary. This paper proposes a new paper is organized as follows: Section II – Survey, analysis,
method of detecting intrusion for IoT systems based on deep synthesis of related research; Section III – Presentation of
learning using a convolutional neural network. The log ideas, process and content of method’s development; Section
information of an IoT system such as location, service, address,
IV – Experiment for method’s testing and evaluation; Section V
etc., is extracted into an original feature set. Next the original
feature set is improved and encoded into a digital matrix and fed
– Conclusion and trends of development.
into a convolutional neural network for training and detection. II. RELATED WORK
The proposed method is evaluated based on the cross-validation
method and has an average accuracy of 98.9%. In this section, we are going to review, analyze and
synthesize related researches regarding network intrusion, IoT
Keywords—IoT intrusion detection, IoT system, Deep learning, intrusion, deep learning, applying deep learning into malware
Convolutional neural network, Feature set, Feature set encoding. detection and intrusion detection in IoT systems. This content
is used as the foundation for developing the proposed method
I. INTRODUCTION in the paper. Network intrusion detection systems (IDS) have
Internet of Things plays an essential role in information been researched and deployed for a long time with several key
technology and communication. IoT systems present in almost methods based on signatures, rules, and machine learning [1, 2,
every aspect of life, such as smart homes, smart headquarters, 8, 10, 11]. Typical machine learning methods utilized in IDS
smart hospitals, smart agriculture, etc. Compared to traditional like neural network [2, 11], support vector machine [10],
network systems, IoT systems are more complex and diverse. maximum entropy [3]. These methods are mostly tested on
Each IoT system usually consists of a server, a workstation, KDD-99 or NSL-KDD datasets and have an average accuracy
smart devices, embedded boards. Due to the variety of CPUs, of 94.75%.
peripherals, operating systems (Android, iOS, freeOS), and
Deep learning has been researched and developed strongly
communication protocols (HTTP, MQTT, CoAP, etc.), IoT
in recent years with various models such as DBN, CNN, etc.,
systems are at risk of being exploited. Moreover, the large
[1, 4, 14-18]. CNN is the most widely studied and applied deep
numbers of data formats and sizes make analyzing and
learning model, with many different network structures such as
detecting intrusions in IoT systems difficult.
Alex, LeNet, Inception, VGG, etc. [6, 8, 13, 17]. In previous
Besides, with rapid development of hardware and software researches [4, 13, 17, 18, 20], the authors applied CNN to
technologies, the system penetration techniques are getting detect malwares and achieved an average accuracy of 94.85 %.
more diverse, polymorphic and more sophisticated. Traditional Also CNN was applied to detect Android malware with a
methods of detecting network intrusion based on signatures average accuracy of 96.35 % [5, 6, 9, 12, 14, 16, 19, 21].
and rules are not totally effective, the detection rate is not
IoT systems have been only extensively researched and
optimal. Researching, proposing, and developing a new
widely deployed in recent years, so the analysis and intrusion
method of detecting intrusion, which suitable for IoT systems
detection in IoT system have received little attention.
still face many challenges. Meanwhile, the rapid development
Currently, there are only a few studies on malware detection in
and widespread application of Artificial Intelligence (AI) today
IoT systems and there is no official research on IoT intrusion
created deep learning, an improved machine learning technique
detection [7, 22]. Interestingly, IoT systems includes traditional
that has been studied and applied in many fields. Convolutional
network systems are used to connect many types of devices
neural network (CNN) is a typical deep learning model, which
such as servers, workstations, phones, boards, etc., so the IoT

Authorized licensed use limited to: FLORIDA INTERNATIONAL UNIVERSITY. Downloaded on August 18,2023 at 18:33:18 UTC from IEEE Xplore. Restrictions apply.
978-1-7281-5163-2/19/$31.00 ©2019 IEEE 448
 2019 6th NAFOSTED Conference on Information and Computer Science (NICS)

system also has more specific features in addition to the B. Detection model based on CNN
common features of the network. Based on the results of this The IoT intrusion detection system based on CNN is
survey, the paper proposes a new method to detect IoT system described as a mapping  in Equation (1).
intrusion based on CNN. This method will be developed,
experimented and evaluated in the following sections. : A  L (1)
III. DEVELOPING THE METHOD OF IoT where,
INSTRUSION DETECTION BASED ON CNN  A is a set of input matrices.
A. Idea and the overall system model  L is a set of labels including normal and attack types.
The main idea of the paper is to improve, encode a feature
set and apply CNN to detect intrusion in IoT systems. The In this research, we built the general structure of CNN used
process of developing and evaluating methods is as follows: in the intrusion detection system of IoT system as described in
original features sets are extracted from system log; improve Fig. 2. The network is structured as follows:
the original feature set based on the suitability of the feature’s  Input layer: set of matrices n0 * n0.
value; an improved feature set is encoded into a digital matrix;  Output layer: set of neurons corresponding to the
the digital matrix is then used for training and detect intrusion labels.
according to CNN. This process is carried out based on the
overall model of system in Fig. 1. According to the overall  Hidden layers to generalize features: include one or
model, the CNN-based IoT intrusion detection system is more pairs of convolution matrixes and feature filter
implemented in these main stages: data collection and matrices. For each pair, the set of parameters to
preprocessing, network training and detection. In the data calculate the convolution product is (d, wc * hc, s1) and
collection and preprocessing stage, data from system log or the set of parameters to filter features is (d, wp * hp,
monitoring systems will be selected and calibrated to extract s2); where d is the depth – is the number of shared
features. In the training period, the input is a digital matrix, a weight matrices, s1, s2 are the sliding steps, wc * hc is
label set and a parameter set including number of convolutional the sliding window size, wp * hp is the filter window
layer, sliding window size, etc. and the output is a weight array size.
in neuron links. In the detection phase, each actual data sample,
after being pre-processed, extracted, and improved feature set,  Last hidden layer: fully connected to output layer,
is put through the calculation model on the weight set obtained used to classify.
in the training period to detect attack.

Fig. 2. CNN structure for IoT intrusion detection

The size of the resulting matrix after calculating the

convolution depends on the size of the sliding window, the
sliding step and is calculated by Equation (2). The size of the
feature matrix after performing the filter through the filter
window is similar.
− ℎ −ℎ
∗ ℎ = +1 ∗ ( + 1) (2)
1 1
where,
Fig. 1. Research and experiment process
 wi * hi is the size of the resulting matrix
 wi-1 * hi-1 is the size of the resulting matrix

Authorized licensed use limited to: FLORIDA INTERNATIONAL UNIVERSITY. Downloaded on August 18,2023 at 18:33:18 UTC from IEEE Xplore. Restrictions apply.
449
 2019 6th NAFOSTED Conference on Information and Computer Science (NICS)

 s1i is the sliding step at ith matrix used in the convolutional neural network. Feature
encoding is the process of converting from a source feature set
 wc * hc is the size of sliding window.
to a target feature set; each feature set is used by different
C. Extracting features and improving the feature set machine learning methods. In the paper, the encoding process
Definition 1 – Original feature set is the process of converting from F1 to FC. Each feature in the
Original feature set, symbolized by F0, is the first extracted form of text in F1 is transformed into a feature group in FC by
feature set that has been pre-processed. From a data set, each taking the quotient of the ASCII code for each character and
unique feature extraction will produce a different feature set; the highest ASCII code. Accordingly, each feature in FC will
These feature sets can be combined to increase the number of have a value of [0, 1]. The conversion function is described as
dimensions and improve accuracy; the features in each feature in Equation (5) and is set by Algorithm 1. The result is the
set can also be evaluated and selected to obtain a condensed, feature set FC illustrated in Fig. 3.
quality feature set; the feature sets can also be improved to add f: F1  FC satisfied fi  {fc | fc = cj / maxA} (5)
the new features based on the original features. Table I shows
some features having the high suitability with the number of where,
classes in the original feature set.  fi is the ith feature set of F1
TABLE I. FEATURES HAVING HIGHT SUITABILITY  fc is the digital feature of FC
Feature Description Value  cj is the ith character in the feature fi
SourceType Type of a source device sensorService
DestinationServiceType Type of a distination service lightControler  maxA is the highest ASCII code.
Operation Operation on a device registerService
Dsaddr Destination Service Address lightcontrol1
DestinationLocation Destination Service Type Livingroom
Algorithm 1: CNN Feature encoding
Input: Feature set F1
Output: CNN feature set FC
Definition 2 - Improvement feature set
The improvement feature set, symbolized by F1, is the 1: FC = {}, arMaxFeature = {}, maxASCII = 255
feature set obtained from the original feature set based on the
2: For i from 0 to |F1| - 1
feature improvement algorithms. The feature improvement
algorithm is described as an f -map as shown in Equation (3). 3: arMaxFeaturei = 0
f: F0  F1 (3) 4: For each linei in the file of F1 set
In this paper, we propose a method of adding new
features based on the features with high suitability. This value 5: For each featurej in linei
is evaluated by rate between the number of items in a cluster 6: If length(featurej) less than arMaxFeaturej then
and the number of samples in a class; the clusters are created
by a clustering algorithm. The number of clusters is equal to 7: arMaxFeaturej = length(featurej)
the number of classes. The value of each feature is added by 8: End if
the suitability to create the new feature shown in Table II.
9: End for
Accordingly, the F1 set is constructed as in Equation (4).
F1 = F0  {fi + si} (4) 10: End for
where, 11: For each linei in the file of F1 set
 fi is the ith feature
 si is the ith suitability 12: For each featurej in linei
13: For k from 0 to length(featurej) - 1
TABLE II. NEW FEATURES IN THE IMPROVED FEATURE SET
14: featureCNNk = ASCIIcode(featurej,k)/maxASCII
Feature Description Value
SourceType_S1 Type of a source sensorService0.962 15: FC = FC  { featureCNNk}
device added by S1
DestinationServiceType_S2 Type of a distination lightControler0.855 16: End for
service added by S2
Operation_S3 Operation on a registerService0.868 17: For k from length(featurej) to arMaxFeaturej – 1
device added by S3
18: featureCNNk = 0
Dsaddr_S4 Destination Service lightcontrol10.758
Address added by S4 19: FC = FC  { featureCNNk}
DestinationLocation_S5 Destination Service Livingroom0.817
Type added by S5 20: End for
D. Endcoding the feature set 21: End for
Definition 3 – The CNN feature set 22:End for
The CNN feature set, symbolized by FC, is the digital
23: Return FC

Authorized licensed use limited to: FLORIDA INTERNATIONAL UNIVERSITY. Downloaded on August 18,2023 at 18:33:18 UTC from IEEE Xplore. Restrictions apply.
450
 2019 6th NAFOSTED Conference on Information and Computer Science (NICS)

1
= (9)
−1
#

1
= ( , ) (10)

The descriptiveness is calculated based on validation set

and was used to re-evaluate the network model after each
training steps. The descriptiveness was normally calculated via
cross-entropy as in Equation (11) [16].
Fig. 3. A part of the CNN feature set
( , )=− log( ) (11)
E. Training phase
The input for the training phase is the feature dataset FC In each training step, the weight set will be readjusted
which is already labeled. Each element in feature matrix FC based on loss function. The training will stop as long as the
corresponds to an input neuron. The results of this stage are the network converges, which means that the loss function was
weights of neural links and weight matrix shared in each under the accepted threshold. At the end of training step, the
convolution layer. In CNN, there are N convolution layers, M weight set acquired will be used in testing phase.
neurons of the vector layer and K output neurons –
corresponding to K labels, then the number of weights can be F. Detection phase
calculated by Equation (6): In the detection phase, initial feature dataset were
extracted from the raw recorded data, then improved and
turned into feature matrix Fc. This matrix would be put to
= ∗ +1 + ∗ (6)
CNN with the weight set acquired from the training stage. The
output layer decides which labels of each neuron’s output are
where, identified. We use softmax activation function to compute the
jth output value according to Equation (12) [19, 21].
 is the total number of weights in the network oj
 ∗ is the size of jth window filter in ith e
f j ( z) = n
convolution layer ok (12)
 Li is the number of filters in ith convolution layer. åe
k =1
In the training stage, each input matrix, which is proceeded
to the network with the corresponding weights will create the Softmax function computes probability of each output
real label set, and based on it to evaluate the loss function and based on neuron and corresponding weights of previous fully
back propagation to adjust the weights set. Loss function, connected layers. Softmax function will return a value between
denoted by l, will be calculated via compactness loss and [0, 1]. The max value of softmax will be output’s label.
descriptiveness loss in Equation (7), where   [0, 1] is the IV. EXPERIMENT
scale factor to evaluate the priority of the model whether it’s
based on training set or validation set. A. Description of experiment
l = lC +  * lD (7) To evaluate the proposed method, we have done the
experiment using the IoT intrusion dataset, which contains
Compactness was used to assess the error of real labeled 357952 samples with 8 classes and distributed in Table III.
dataset compared with the training data set. Some methods
were used to calculate the distance between two points in a TABLE III. DISTRIBUTION OF THE DATA SET
dataset, such as Mahattan, Euclidian, etc. This research uses Lables Description Number of
Euclidian distance between vector x and vector y as in samples
Equation (8), where x={xi | i=1..n} and y = {yi | i=1..n}. Mean Normal Normal state of an IoT system 347935
of xi in the dataset was calculated as the average of the DoSattack IoT system attacked by DoS 5780
remained vectors, as in Equation (9). The compactness was Scan A device accesses a range of others 1547
calculated by the average distance of each xi and mi, as in MaliciousControl A device tries to take control over 889
Equation (10) [19, 21]. another
MaliciousOperation A device performs wrong operation 805
Spying A device reads values a few other 532
devices
=| − |= | − | (8) DataProbing A device writes anomalous data 342
types
WrongSetUp A device operates in wrong place 122
Total of samples 357952

Authorized licensed use limited to: FLORIDA INTERNATIONAL UNIVERSITY. Downloaded on August 18,2023 at 18:33:18 UTC from IEEE Xplore. Restrictions apply.
451
 2019 6th NAFOSTED Conference on Information and Computer Science (NICS)

The experimental environment is described in Table IV.  FP: The false number of classified samples of normal
With this environment, we implement our programs including label
a feature improvement program, a feature encoding program  TN: The true number of classified samples of attack
and IoT intrusion detection program that includes two phase  FN: The false number of classified samples of attack.
such as training and detection. We used TensorFlow and Keras
libraries to build our experimental program shown in Fig. 4.
The experimental results are summarized in Table VI. The
Table V describes the CNN structure implemented in the
comparison chart of results, corresponding to the original
experimental program.
feature set and the improved feature set, is shown in Fig. 5. As
TABLE IV. EXPERIMENTAL ENVIRONMENT
shown in Table VI, the average accuracy of our method is
98.9%. Compared to other methods of detecting intrusion such
Hardware CPU: Intel Corei5, 4 cores of 2.24 GHz as SVM with the max accuracy of 98.0 % [10], MEM
RAM: 8 GB (Maximum Entropy Model) with the max accuracy of 97.0 %
HDD: 500 GB
Software Operating system: Windows 10
[3], etc., the proposed method has a higher accuracy, specially
Anaconda3 running a large data set.
Python: 3.7
TABLE VI. EXPERIMENTAL RESULTS

Number Precision Recall F1-score ACC

F0 F1 F0 F1 F0 F1 F0 F1
1 0.965 0.982 0.972 0.992 0.968 0.987 0.985 0.992
2 0.958 0.985 0.961 0.987 0.959 0.986 0.989 0.990
3 0.972 0.980 0.972 0.996 0.972 0.988 0.985 0.987
4 0.945 0.988 0.951 0.950 0.948 0.969 0.979 0.985
5 0.968 0.996 0.970 0.996 0.969 0.996 0.965 0.996
6 0.956 0.985 0.958 0.995 0.957 0.990 0.975 0.985
7 0.948 0.986 0.949 0.998 0.948 0.992 0.968 0.988
8 0.962 0.993 0.965 0.996 0.963 0.994 0.984 0.993
9 0.952 0.990 0.960 0.998 0.956 0.994 0.981 0.986
10 0.963 0.995 0.968 0.996 0.965 0.995 0.965 0.987
Average 0.959 0.988 0.963 0.990 0.961 0.989 0.978 0.989

Fig. 4. A code segment of our experimental program

TABLE V. CNN STRUCTURE USING FOR IOT INTRUTION DETECTION

Layer Output Shape

Input (32, 32, 1)
Conv2d_1 (32, 32, 2)
Max_pooling2d (31, 31, 2)
Conv2d_2 (31, 31, 2)
Max_pooling2d (30, 30, 2)
Full connect vector 1800
Output 8
B. Experimental results and evaluation
To evaluate the experiment, we used the K-fold cross
validation method with 10-fold and measures such as
Precision, Recall, F1-score, Acc (Accuracy). These measures Fig. 5. Experimental results and evaluation measures
are calculated by Equations (13), (14), (15) and (16).
V. CONCLUSION AND FUTURE WORK
= (13) The main contribution of the paper is to propose a new
+ method to detect intrusion in IoT systems based on CNN.
Theoretically, the paper proposed and developed the method of
= (14) improving the feature set based on frequency; building a
+
general model for IoT intrusion detection problem based on
2∗ ∗ CNN; analyzing and evaluating structure and parameters of the
− = (15)
+ CNN model in this problem. In terms of experiment, the paper
+ implemented and evaluated this method using K-fold cross
= (16) validation method. Compared to some other approaches, the
+ + +
proposed method in the paper is more accurate.
where,
Despite the satisfactory results, the paper still has some
 TP: The true number of classified samples of normal limitations such as the number of classes is small, the number
label of samples is limited, the distribution of samples per class is

Authorized licensed use limited to: FLORIDA INTERNATIONAL UNIVERSITY. Downloaded on August 18,2023 at 18:33:18 UTC from IEEE Xplore. Restrictions apply.
452
 2019 6th NAFOSTED Conference on Information and Computer Science (NICS)

not balanced. Therefore, we will continue to research and Research in Adaptive and Convergent Systems', ACM, New York, NY,
improve our method in fields as follows: evaluation and USA, pp. 149--153.
selection of good parameters; selecting good network [10] Khan, L.; Awad, M. & Thuraisingham, B. (2007), 'A New Intrusion
Detection System Using Support Vector Machines and Hierarchical
structures; experiment with other data sets having more classes. Clustering', The VLDB Journal 16(4), 507--521.
ACKNOWLEDGMENTS [11] Khan, R. U.; Xiaosong, Z.; Alazab, M. & Kumar, R. (2018), 'An
Improved Convolutional Neural Network model for Intrusion Detection
We would like to thank Vietnam National Foundation in Networks', EasyChair Preprint no. 638.
Science and Technology Development - NAFOSTED partly [12] Kim, T.; Kang, B.; Rho, M.; Sezer, S. & Im, E. G. (2019), 'A
supporting attendences and presentation of this research. multimodal deep learning method for android malware detection using
various features', IEEE Transactions on Information Forensics and
REFERENCES Security 14(3), 773--788.
[13] Kolosnjaji, B.; Zarras, A.; Webster, G. & Eckert, C. ( 2016 ), Deep
Learning for Classification of Malware System Call Sequences, in ' 29th
[1] Amrita & Ahmed, P. (2012), 'A study of feature selection methods in Australasian Joint Conference on Artificial Intelligence (AI) '.
intrusion detection system: A survey', 6. International Journal of [14] Kumar, R.; Xiaosong, Z.; Khan, R. U.; Kumar, J. & Ahad, I. (2018),
Computer Science Engineering and Information Technology Research 2, 'Effective and Explainable Detection of Android Malware based on
1-25. Machine Learning Algorthims', EasyChair Preprint no. 633.
[2] El Mrabet, Z.; Ezzari, M.; Elghazi, H. & El Majd, B. A. (2019), Deep [15] Li, J.; Zhao, Z. & Li, R. (2017), 'A Machine Learning Based Intrusion
Learning-Based Intrusion Detection System for Advanced Metering Detection System for Software Defined 5G Network', CoRR
Infrastructure, in 'Proceedings of the 2Nd International Conference on abs/1708.04571.
Networking, Information Systems & Security', ACM, New York, NY,
USA, pp. 58:1--58:7. [16] McLaughlin, N.; Del Rincon, J. M.; Kang, B. J.; Yerima, S.; Miller, P.;
Sezer, S.; Safaei, Y.; Trickel, E.; Zhao, Z.; Doupe, A. & Ahn, G.-J.
[3] Gu, Y.; McCallum, A. & Towsley, D. (2005), Detecting Anomalies in (2017), Deep android malware detection, in 'CODASPY 2017 -
Network Traffic Using Maximum Entropy Estimation, in 'Proceedings Proceedings of the 7th ACM Conference on Data and Application
of the 5th ACM SIGCOMM Conference on Internet Measurement', Security and Privacy', Association for Computing Machinery, Inc, , pp.
USENIX Association, Berkeley, CA, USA, pp. 32--32. 301--308.
[4] Hahn, S.; Protsenko, M. & Müller, T. (2016), Comparative evaluation of [17] Saxe, J. & Berlin, K. (2015), 'Deep Neural Network Based Malware
machine learning-based malware detection on android., in Michael Detection Using Two Dimensional Binary Program Features.', CoRR
Meier; Delphine Reinhardt & Steffen Wendzel, ed., 'Sicherheit 2016 - abs/1508.03096.
Sicherheit, Schutz und Zuverlässigkeit', Gesellschaft für Informatik e.V.,
Bonn, pp. 79-88. [18] Sewak, M.; Sahay, S. K. & Rathore, H. (2018), An Investigation of a
Deep Learning Based Malware Detection System, in 'Proceedings of the
[5] He, N.; Wang, T.; Chen, P.; Yan, H. & Jin, Z. (2018), An Android 13th International Conference on Availability, Reliability and Security',
Malware Detection Method Based on Deep AutoEncoder, in ACM, New York, NY, USA, pp. 26:1--26:5.
'Proceedings of the 2018 Artificial Intelligence and Cloud Computing
Conference', ACM, New York, NY, USA, pp. 88--93. [19] Xu, Z.; Ren, K.; Qin, S. & Craciun, F. (2018), 'Android Malware
Detection Based on Deep Learning Using CFG and DFG', Lecture Notes
[6] Hein, C. L. P. M. & Myo, K. M. (2018), 'Permission-based Feature in Computer Science 11232, 177--193.
Selection for Android Malware Detection and Analysis', International
Journal of Computer Applications 181(19), 29-39. [20] Yakura, H.; Shinozaki, S.; Nishimura, R.; Oyama, Y. & Sakuma, J.
(2018), Malware Analysis of Imaged Binary Samples by Convolutional
[7] Jabbar, M. & Aluvalu, R. (2018), 'Intrusion Detection System for the Neural Network with Attention Mechanism, in 'Proceedings of the
Internet of Things: A Review', IET Conference Proceedings, 51 (6 pp.)- Eighth ACM Conference on Data and Application Security and Privacy',
51 (6 pp.). ACM, New York, NY, USA, pp. 127--134.
[8] Javaid, A.; Niyaz, Q.; Sun, W. & Alam, M. (2016), A Deep Learning [21] Yuan, Z.; Lu, Y.; Wang, Z. & Xue, Y. (2014), Droid-Sec: deep learning
Approach for Network Intrusion Detection System, in 'Proceedings of in android malware detection., in Fabián E. Bustamante; Y. Charlie Hu;
the 9th EAI International Conference on Bio-inspired Information and Arvind Krishnamurthy & Sylvia Ratnasamy, ed., 'SIGCOMM', ACM, ,
Communications Technologies (Formerly BIONETICS)', ICST pp. 371-372.
(Institute for Computer Sciences, Social-Informatics and
Telecommunications Engineering), ICST, Brussels, Belgium, Belgium, [22] Zarpelo, B. B.; Miani, R. S.; Kawakani, C. T. & de Alvarenga, S. C.
pp. 21--26. (2017), 'A Survey of Intrusion Detection in Internet of Things', J. Netw.
Comput. Appl. 84(C), 25--37.
[9] Jung, J.; Choi, J.; Cho, S.-j.; Han, S.; Park, M. & Hwang, Y. (2018),
Android Malware Detection Using Convolutional Neural Networks and
Data Section Images, in 'Proceedings of the 2018 Conference on

Authorized licensed use limited to: FLORIDA INTERNATIONAL UNIVERSITY. Downloaded on August 18,2023 at 18:33:18 UTC from IEEE Xplore. Restrictions apply.
453