IIoT Deep Malware Threat Hunting: From Adversarial Example Detection to Adversarial Scenario Detection

Bardia Esmaeili, Amin Azmoodeh, Ali Dehghantanha*, Hadis Karimipour, Behrouz Zolfaghari, Mohammad Hammoudeh

*Corresponding author for this work

Research output: Contribution to journalArticlepeer-review

3 Citations (Scopus)


Protecting widely used deep classifiers against black-box adversarial attacks is a recent research challenge in many security-related areas, including malware classification. This class of attacks relies on optimizing a sequence of highly similar queries to bypass given classifiers. In this article, we leverage this property and propose a history-based method named, stateful query analysis (SQA), which analyzes sequences of queries received by a malware classifier to detect black-box adversarial attacks on an industrial Internet of Things (IIoT). In the SQA pipeline, there are two components, namely the similarity encoder and the classifier, both based on convolutional neural networks. Unlike the state-of-the-art methods, which aim to identify individual adversarial examples, tracking the history of queries allows our method to identify adversarial scenarios and abort attacks before their completion. We optimize SQA using different combinations of hyperparameters on an advanced risc machine (ARM)-based IIoT malware dataset, widely adopted for malware threat hunting in industry 4.0. The use of a novel distance metric in calculating the loss function of the similarity encoder results in more disentangled representations and improves the performance of our method. Our evaluations demonstrate the validity of SQA via a detection rate of 93.1% over a wide range of adversarial examples.

Original languageEnglish
Pages (from-to)8477-8486
Number of pages10
JournalIEEE Transactions on Industrial Informatics
Issue number12
Publication statusPublished - 2022 Dec 1
Externally publishedYes


  • Adversarial detection
  • Industry 4.0
  • convolutional neural networks (CNNs)
  • industrial Internet of Things (IIoT)
  • malware classification
  • malware threat hunting

ASJC Scopus subject areas

  • Control and Systems Engineering
  • Information Systems
  • Computer Science Applications
  • Electrical and Electronic Engineering


Dive into the research topics of 'IIoT Deep Malware Threat Hunting: From Adversarial Example Detection to Adversarial Scenario Detection'. Together they form a unique fingerprint.

Cite this