From Propagation to Detection: A Unified SEIR-Based Simulation and Deep Learning Framework for IoT Malware in Interactive Mobile Environments

Authors

  • Dwi Ely Kurniawan, Department of Informatics Engineering, Politeknik Negeri Batam, Indonesia
  • Ahmadi Irmansyah Lubis, Department of Informatics Engineering, Politeknik Negeri Batam, Indonesia
  • Noper Ardi, Department of Informatics Engineering, Politeknik Negeri Batam, Indonesia

Keywords:

IoT malware detection, SEIR propagation model, Transformer-BiLSTM, Mobile IoT security, Epidemic simulation

Abstract

The rapid growth of Internet of Things (IoT) devices in highly connected mobile environments has increased the risk of malware propagation. Existing studies mainly focus on either malware propagation modeling or malware detection, leaving a gap between understanding malware spread and accurately identifying attacks. This study proposes SEIR-DLFNet, a unified framework integrating an extended Susceptible-Exposed-Infected-Recovered (SEIR) model with a hybrid Transformer-BiLSTM network. The SEIR model captures device-to-device communication, mobility, partial immunity loss, and quarantine mechanisms to generate synthetic traffic that augments the CICIoT2023 and CIC IoT-DIAD 2024 datasets. Experimental results show that SEIR-DLFNet achieves 99.31% accuracy, 99.28% F1-score, and 99.44% AUC-ROC across seven attack categories. SEIR-based synthetic data augmentation improves detection accuracy by 2.71 percentage points compared with using empirical data alone. Furthermore, zero-shot evaluation on a previously unseen polymorphic Mirai variant achieves an F1-score of 94.17%, outperforming the strongest baseline by 6.84 percentage points. These results demonstrate that integrating epidemic-based malware propagation modeling with deep learning enhances both malware detection performance and generalization to emerging IoT threats.

Published

2026-07-02

Section

Articles