Open Access

ARTICLE

MalDetect-IoT: Enhanced IoT Malware Variant Detection with a Deep Stacked Ensemble Approach

Muhammad Shaheer¹, Feng Zeng^1,*, Aqsa Yasmeen², Mudasir Ahmad Wani^3,*, Kashish Ara Shakil⁴, Muhammad Asim⁵

1 School of Computer Science and Engineering, Central South University, Changsha, 410000, Hunan, China
2 Department of Computer Science and Engineering, Govt. College University, Faisalabad, Pakistan
3 College of Computer and Information Sciences, Imam Mohammad Ibn Saud Islamic University (IMSIU), Riyadh, 13318, Saudi Arabia
4 Department of Computer Sciences, College of Computer and Information Sciences, Princess Nourah bint Abdulrahman University, P.O. Box 84428, Riyadh, 11671, Saudi Arabia
5 EIAS Data Science Lab, College of Computer and Information Sciences, Prince Sultan University, Riyadh, 11586, Saudi Arabia

* Corresponding Authors: Feng Zeng. Email: ; Mudasir Ahmad Wani. Email:

Computers, Materials & Continua 2026, 88(1), 76 https://doi.org/10.32604/cmc.2026.079701

Received 26 January 2026; Accepted 03 April 2026; Issue published 08 May 2026

Abstract

Malware remains a persistent and evolving threat to digital security, highlighting the need for advanced and resilient detection frameworks capable of mitigating increasingly sophisticated and evasive cyberattacks. Although deep learning ensembles have been explored, many existing approaches fail to balance computational efficiency with the diverse feature extraction capabilities needed for complex variants. To address this gap, this study proposes a novel stacking ensemble framework, MalDetect-IoT, which specifically eliminates the requirement for manual feature engineering and domain specific preprocessing traditionally required in malware classification. By fine-tuning two pre-trained models MobileNetV3 for its lightweight efficiency and Xception for its depthwise distinct convolutions within a stacked architecture, the ensemble achieves superior reliability and predictive accuracy while remaining suitable for resource limited Internet of Things (IoT) environments. The proposed approach leverages complementary features to identify nuanced structural characteristics in malware binaries transformed into images, achieving domain knowledge independence. The proposed approach was evaluated on two benchmark datasets, achieving accuracies of 98.75% on the Malimg dataset (9335 images) and 98.55% on the MaleVis dataset (14,226 images). Statistical validation via McNemar’s test and a Cohen’s kappa coefficient of 0.983 confirm that the framework consistently surpasses state of the art methodologies in effectively identifying malware instances.

---

Keywords

---