Open Access

ARTICLE

Scalable and Resilient AI Framework for Malware Detection in Software-Defined Internet of Things

Maha Abdelhaq¹, Ahmad Sami Al-Shamayleh², Adnan Akhunzada^3,*, Nikola Ivković⁴, Toobah Hasan⁵

1 Department of Information Technology, College of Computer and Information Sciences, Princess Nourah bint Abdulrahman University, P.O. Box 84428, Riyadh, 11671, Saudi Arabia
2 Department of Data Science and Artificial Intelligence, Faculty of Information Technology, Al-Ahliyya Amman University, Amman, 19328, Jordan
3 College of Computing and Information Technology, Departement of Data & Cybersecurity, University of Doha for Science & Technology, Doha, 2444, Qatar
4 Faculty of Organization and Informatics, University of Zagreb, Pavlinska 2, Varaždin, 42000, Croatia
5 COMSAT University Islamabad (CUI), Islamabad, 45550, Pakistan

* Corresponding Author: Adnan Akhunzada. Email:

(This article belongs to the Special Issue: Malware Analysis, Forensics, and Detection Using Artificial Intelligence)

Computers, Materials & Continua 2026, 87(1), 53 https://doi.org/10.32604/cmc.2025.073577

Received 21 September 2025; Accepted 24 November 2025; Issue published 10 February 2026

Abstract

The rapid expansion of the Internet of Things (IoT) and Edge Artificial Intelligence (AI) has redefined automation and connectivity across modern networks. However, the heterogeneity and limited resources of IoT devices expose them to increasingly sophisticated and persistent malware attacks. These adaptive and stealthy threats can evade conventional detection, establish remote control, propagate across devices, exfiltrate sensitive data, and compromise network integrity. This study presents a Software-Defined Internet of Things (SD-IoT) control-plane-based, AI-driven framework that integrates Gated Recurrent Units (GRU) and Long Short-Term Memory (LSTM) networks for efficient detection of evolving multi-vector, malware-driven botnet attacks. The proposed CUDA-enabled hybrid deep learning (DL) framework performs centralized real-time detection without adding computational overhead to IoT nodes. A feature selection strategy combining variable clustering, attribute evaluation, one-R attribute evaluation, correlation analysis, and principal component analysis (PCA) enhances detection accuracy and reduces complexity. The framework is rigorously evaluated using the N_BaIoT dataset under k-fold cross-validation. Experimental results achieve 99.96% detection accuracy, a false positive rate (FPR) of 0.0035%, and a detection latency of 0.18 ms, confirming its high efficiency and scalability. The findings demonstrate the framework’s potential as a robust and intelligent security solution for next-generation IoT ecosystems.

---

Keywords

---

Supplementary Material

Supplementary Material File

---