From Propagation to Detection: A Unified SEIR-Based Simulation and Deep Learning Framework for IoT Malware in Interactive Mobile Environments
Keywords:
IoT malware detection, SEIR propagation model, Transformer-BiLSTM, Mobile IoT security, Epidemic simulation
Abstract
The rapid growth of Internet of Things (IoT) devices in highly connected mobile environments has increased the risk of malware propagation. Existing studies mainly focus on either malware propagation modeling or malware detection, leaving a gap between understanding malware spread and accurately identifying attacks. This study proposes SEIR-DLFNet, a unified framework integrating an extended Susceptible-Exposed-Infected-Recovered (SEIR) model with a hybrid Transformer-BiLSTM network. The SEIR model captures device-to-device communication, mobility, partial immunity loss, and quarantine mechanisms to generate synthetic traffic that augments the CICIoT2023 and CIC IoT-DIAD 2024 datasets. Experimental results show that SEIR-DLFNet achieves 99.31% accuracy, 99.28% F1-score, and 99.44% AUC-ROC across seven attack categories. SEIR-based synthetic data augmentation improves detection accuracy by 2.71 percentage points compared with using empirical data alone. Furthermore, zero-shot evaluation on a previously unseen polymorphic Mirai variant achieves an F1-score of 94.17%, outperforming the strongest baseline by 6.84 percentage points. These results demonstrate that integrating epidemic-based malware propagation modeling with deep learning enhances both malware detection performance and generalization to emerging IoT threats.
License
Copyright (c) 2026 Journal of Information System Exploration and Research

This work is licensed under a Creative Commons Attribution-ShareAlike 4.0 International License.


