{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,5,4]],"date-time":"2026-05-04T04:37:01Z","timestamp":1777869421224,"version":"3.51.4"},"reference-count":69,"publisher":"Elsevier BV","license":[{"start":{"date-parts":[[2026,8,1]],"date-time":"2026-08-01T00:00:00Z","timestamp":1785542400000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.elsevier.com\/tdm\/userlicense\/1.0\/"},{"start":{"date-parts":[[2026,8,1]],"date-time":"2026-08-01T00:00:00Z","timestamp":1785542400000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.elsevier.com\/legal\/tdmrep-license"},{"start":{"date-parts":[[2026,3,25]],"date-time":"2026-03-25T00:00:00Z","timestamp":1774396800000},"content-version":"vor","delay-in-days":0,"URL":"http:\/\/creativecommons.org\/licenses\/by\/4.0\/"}],"funder":[{"DOI":"10.13039\/501100011722","name":"Yokohama National University","doi-asserted-by":"publisher","id":[{"id":"10.13039\/501100011722","id-type":"DOI","asserted-by":"publisher"}]},{"DOI":"10.13039\/501100012389","name":"National Institute of Information and Communications Technology","doi-asserted-by":"publisher","id":[{"id":"10.13039\/501100012389","id-type":"DOI","asserted-by":"publisher"}]}],"content-domain":{"domain":["elsevier.com","sciencedirect.com"],"crossmark-restriction":true},"short-container-title":["Information Systems"],"published-print":{"date-parts":[[2026,8]]},"DOI":"10.1016\/j.is.2026.102722","type":"journal-article","created":{"date-parts":[[2026,4,6]],"date-time":"2026-04-06T16:46:17Z","timestamp":1775493977000},"page":"102722","update-policy":"https:\/\/doi.org\/10.1016\/elsevier_cm_policy","source":"Crossref","is-referenced-by-count":0,"special_numbering":"C","title":["CIC-YNU-IoTMal: A comprehensive multilayer dataset for static and dynamic analysis of IoT malware behavior"],"prefix":"10.1016","volume":"140","author":[{"ORCID":"https:\/\/orcid.org\/0000-0002-5582-0255","authenticated-orcid":false,"given":"Sajjad","family":"Dadkhah","sequence":"first","affiliation":[]},{"ORCID":"https:\/\/orcid.org\/0000-0003-0686-2763","authenticated-orcid":false,"given":"Ogobuchi Daniel","family":"Okey","sequence":"additional","affiliation":[]},{"ORCID":"https:\/\/orcid.org\/0009-0003-7766-4315","authenticated-orcid":false,"given":"Sebin Abraham","family":"Maret","sequence":"additional","affiliation":[]},{"ORCID":"https:\/\/orcid.org\/0009-0001-4869-1811","authenticated-orcid":false,"given":"Yen-Wu","family":"Lo","sequence":"additional","affiliation":[]},{"ORCID":"https:\/\/orcid.org\/0009-0003-4234-9796","authenticated-orcid":false,"given":"Amir","family":"Firouzi","sequence":"additional","affiliation":[]},{"ORCID":"https:\/\/orcid.org\/0009-0005-8916-0661","authenticated-orcid":false,"given":"Ryu","family":"Kuki","sequence":"additional","affiliation":[]},{"ORCID":"https:\/\/orcid.org\/0000-0001-6771-9915","authenticated-orcid":false,"given":"Takayuki","family":"Sasaki","sequence":"additional","affiliation":[]},{"ORCID":"https:\/\/orcid.org\/0000-0003-0964-8631","authenticated-orcid":false,"given":"Katsunari","family":"Yoshioka","sequence":"additional","affiliation":[]},{"ORCID":"https:\/\/orcid.org\/0000-0002-9616-3212","authenticated-orcid":false,"given":"Tao","family":"Ban","sequence":"additional","affiliation":[]},{"ORCID":"https:\/\/orcid.org\/0000-0002-0965-0064","authenticated-orcid":false,"given":"Seiichi","family":"Ozawa","sequence":"additional","affiliation":[]},{"ORCID":"https:\/\/orcid.org\/0000-0001-9189-6268","authenticated-orcid":false,"given":"Ali A.","family":"Ghorbani","sequence":"additional","affiliation":[]}],"member":"78","reference":[{"key":"10.1016\/j.is.2026.102722_b1","first-page":"1","article-title":"Unlocking the potential of the Internet of Things","volume":"1","author":"Manyika","year":"2015","journal-title":"McKinsey Glob. Inst."},{"issue":"7","key":"10.1016\/j.is.2026.102722_b2","doi-asserted-by":"crossref","first-page":"1645","DOI":"10.1016\/j.future.2013.01.010","article-title":"Internet of Things (IoT): A vision, architectural elements, and future directions","volume":"29","author":"Gubbi","year":"2013","journal-title":"Future Gener. Comput. Syst."},{"key":"10.1016\/j.is.2026.102722_b3","series-title":"Advanced Machine Learning for Cyber-Attack Detection in IoT Networks","first-page":"165","article-title":"Transfer learning with CNN for cyber-attack detection in IoT networks","author":"Okey","year":"2025"},{"issue":"6","key":"10.1016\/j.is.2026.102722_b4","article-title":"IoT malware detection using static and dynamic analysis techniques: A systematic literature review","volume":"7","author":"Kumar","year":"2024","journal-title":"Secur. Priv."},{"issue":"20","key":"10.1016\/j.is.2026.102722_b5","doi-asserted-by":"crossref","first-page":"15422","DOI":"10.1109\/JIOT.2021.3063840","article-title":"An evolutionary study of IoT malware","volume":"8","author":"Wang","year":"2021","journal-title":"IEEE Internet Things J."},{"key":"10.1016\/j.is.2026.102722_b6","doi-asserted-by":"crossref","first-page":"100","DOI":"10.1016\/j.cose.2014.05.011","article-title":"An empirical comparison of botnet detection methods","volume":"45","author":"Garcia","year":"2014","journal-title":"Comput. Secur."},{"key":"10.1016\/j.is.2026.102722_b7","doi-asserted-by":"crossref","DOI":"10.1016\/j.iot.2024.101351","article-title":"CICIoMT2024: A benchmark dataset for multi-protocol security assessment in IoMT","volume":"28","author":"Dadkhah","year":"2024","journal-title":"Internet Things"},{"key":"10.1016\/j.is.2026.102722_b8","series-title":"2025 International Conference on Software, Telecommunications and Computer Networks","first-page":"1","article-title":"Enhancing IoT security via optimized dual chain-channel device identification and attack detection scheme","author":"Okey","year":"2025"},{"issue":"13","key":"10.1016\/j.is.2026.102722_b9","doi-asserted-by":"crossref","first-page":"5941","DOI":"10.3390\/s23135941","article-title":"CICIoT2023: A real-time dataset and benchmark for large-scale attacks in IoT environment","volume":"23","author":"Neto","year":"2023","journal-title":"Sens."},{"key":"10.1016\/j.is.2026.102722_b10","series-title":"2025 5th International Conference on Innovative Research in Applied Science, Engineering and Technology","first-page":"1","article-title":"A malware detection approach for internet of medical things using machine learning","author":"Rbah","year":"2025"},{"issue":"7","key":"10.1016\/j.is.2026.102722_b11","doi-asserted-by":"crossref","first-page":"80","DOI":"10.1109\/MC.2017.201","article-title":"DDoS in the IoT: Mirai and other botnets","volume":"50","author":"Kolias","year":"2017","journal-title":"Computer"},{"key":"10.1016\/j.is.2026.102722_b12","unstructured":"M. Antonakakis, T. April, M. Bailey, M. Bernhard, E. Bursztein, J. Cochran, Z. Durumeric, J.A. Halderman, L. Invernizzi, M. Kallitsis, et al., Understanding the mirai botnet, in: 26th USENIX Security Symposium, USENIX Security 17, 2017, pp. 1093\u20131110."},{"key":"10.1016\/j.is.2026.102722_b13","series-title":"Proceedings of the 15th International Conference on Availability, Reliability and Security","article-title":"PaperW8: an IoT bricking ransomware proof of concept","author":"Brierley","year":"2020"},{"key":"10.1016\/j.is.2026.102722_b14","doi-asserted-by":"crossref","first-page":"146","DOI":"10.1016\/j.comnet.2014.11.008","article-title":"Security, privacy and trust in Internet of Things: The road ahead","volume":"76","author":"Sicari","year":"2015","journal-title":"Comput. Netw."},{"key":"10.1016\/j.is.2026.102722_b15","doi-asserted-by":"crossref","DOI":"10.1016\/j.asoc.2025.112908","article-title":"An advanced ensemble framework for defending against obfuscated windows, android, and IoT malware","volume":"173","author":"Vasan","year":"2025","journal-title":"Appl. Soft Comput."},{"issue":"1","key":"10.1016\/j.is.2026.102722_b16","doi-asserted-by":"crossref","first-page":"1","DOI":"10.1007\/s11334-022-00461-7","article-title":"Lightweight CNN-based malware image classification for resource-constrained applications","volume":"21","author":"Hota","year":"2025","journal-title":"Innov. Syst. Softw. Eng."},{"key":"10.1016\/j.is.2026.102722_b17","first-page":"1","article-title":"A lightweight CNN malware classification method for software detection","author":"Chen","year":"2025","journal-title":"Int. J. Mach. Learn. Cybern."},{"key":"10.1016\/j.is.2026.102722_b18","doi-asserted-by":"crossref","DOI":"10.1016\/j.cose.2023.103476","article-title":"Investigating ChatGPT and cybersecurity: A perspective on topic modeling and sentiment analysis","volume":"135","author":"Okey","year":"2023","journal-title":"Comput. Secur."},{"key":"10.1016\/j.is.2026.102722_b19","unstructured":"OpenAI, GPT-4.1 mini model \u2014 OpenAI API. URL: https:\/\/platform.openai.com."},{"key":"10.1016\/j.is.2026.102722_b20","doi-asserted-by":"crossref","first-page":"262","DOI":"10.1109\/OJCS.2020.3033974","article-title":"Efficient detection and classification of Internet-of-Things malware based on byte sequences from executable files","volume":"1","author":"Wan","year":"2020","journal-title":"IEEE Open J. Comput. Soc."},{"issue":"5","key":"10.1016\/j.is.2026.102722_b21","doi-asserted-by":"crossref","first-page":"3770","DOI":"10.1109\/JIOT.2021.3100063","article-title":"IoT malware classification based on lightweight convolutional neural networks","volume":"9","author":"Yuan","year":"2022","journal-title":"IEEE Internet Things J."},{"key":"10.1016\/j.is.2026.102722_b22","series-title":"2021 International Seminar on Machine Learning, Optimization, and Data Science","first-page":"12","article-title":"Lightweight convolution neural network for image-based malware classification on embedded systems","author":"Fathurrahman","year":"2022"},{"issue":"4","key":"10.1016\/j.is.2026.102722_b23","doi-asserted-by":"crossref","first-page":"280","DOI":"10.1016\/j.icte.2020.04.005","article-title":"A survey of IoT malware and detection methods based on static features","volume":"6","author":"Ngo","year":"2020","journal-title":"ICT Express"},{"issue":"4","key":"10.1016\/j.is.2026.102722_b24","doi-asserted-by":"crossref","first-page":"2351","DOI":"10.1109\/COMST.2021.3106669","article-title":"A survey of honeypots and honeynets for internet of things, industrial internet of things, and cyber-physical systems","volume":"23","author":"Franco","year":"2021","journal-title":"IEEE Commun. Surv. Tutor."},{"key":"10.1016\/j.is.2026.102722_b25","series-title":"Proceedings of the 52nd Annual Design Automation Conference","article-title":"Security and privacy challenges in industrial internet of things","author":"Sadeghi","year":"2015"},{"key":"10.1016\/j.is.2026.102722_b26","article-title":"IMCLNet: A lightweight deep neural network for image-based malware classification","volume":"70","author":"Zou","year":"2022","journal-title":"J. Inf. Secur. Appl."},{"key":"10.1016\/j.is.2026.102722_b27","series-title":"Machine Learning for Anomaly Detection in Iot Networks: Malware Analysis on the Iot-23 Data Set","author":"Stoian","year":"2020"},{"key":"10.1016\/j.is.2026.102722_b28","doi-asserted-by":"crossref","first-page":"96899","DOI":"10.1109\/ACCESS.2020.2995887","article-title":"Dynamic analysis for IoT malware detection with convolution neural network model","volume":"8","author":"Jeon","year":"2020","journal-title":"IEEE Access"},{"key":"10.1016\/j.is.2026.102722_b29","series-title":"Proceedings of the International Symposium on Research in Attacks, Intrusions and Defenses","first-page":"230","article-title":"AVClass: A tool for massive malware labeling","author":"Grill","year":"2017"},{"key":"10.1016\/j.is.2026.102722_b30","series-title":"QEMU: A generic and open source machine emulator and virtualizer","author":"QEMU Project","year":"2024"},{"key":"10.1016\/j.is.2026.102722_b31","series-title":"OpenWrt: A linux operating system targeting embedded devices","author":"OpenWrt Project","year":"2024"},{"key":"10.1016\/j.is.2026.102722_b32","series-title":"2014 IEEE 38th Annual Computer Software and Applications Conference","first-page":"384","article-title":"A forensic analysis of android malware\u2013how is malware written and how it could be detected?","author":"Allix","year":"2014"},{"key":"10.1016\/j.is.2026.102722_b33","article-title":"The evolution of Mirai botnet scans over a six-year period","volume":"79","author":"Affinito","year":"2023","journal-title":"J. Inf. Secur. Appl."},{"key":"10.1016\/j.is.2026.102722_b34","series-title":"2013 20th Working Conference on Reverse Engineering","first-page":"449","article-title":"PsybOt malware: A step-by-step decompilation case study","author":"\u010eurfina","year":"2013"},{"key":"10.1016\/j.is.2026.102722_b35","series-title":"2010 European Conference on Computer Network Defense","first-page":"3","article-title":"Embedded malware - An analysis of the chuck norris botnet","author":"\u010celeda","year":"2010"},{"key":"10.1016\/j.is.2026.102722_b36","series-title":"2017 Seventh International Conference on Emerging Security Technologies","first-page":"128","article-title":"HTTP\/2 Tsunami: Investigating HTTP\/2 proxy amplification DDoS attacks","author":"Beckett","year":"2017"},{"key":"10.1016\/j.is.2026.102722_b37","series-title":"2018 IEEE Symposium on Security and Privacy","first-page":"161","article-title":"Understanding linux malware","author":"Cozzi","year":"2018"},{"key":"10.1016\/j.is.2026.102722_b38","series-title":"Ember: an open dataset for training static pe malware machine learning models","author":"Anderson","year":"2018"},{"key":"10.1016\/j.is.2026.102722_b39","series-title":"9th USENIX Workshop on Offensive Technologies","article-title":"IoTPOT: Analysing the rise of IoT compromises","author":"Pa","year":"2015"},{"key":"10.1016\/j.is.2026.102722_b40","series-title":"Proceedings of the 3rd ACM Workshop on Cyber-Physical System Security","first-page":"57","article-title":"SIPHON: Towards scalable high-interaction physical honeypots","author":"Guarnizo","year":"2017"},{"key":"10.1016\/j.is.2026.102722_b41","first-page":"664","article-title":"Lightweight classification of IoT malware based on image recognition","volume":"2","author":"Su","year":"2018","journal-title":"Proc. - Int. Comput. Softw. Appl. Conf."},{"issue":"9","key":"10.1016\/j.is.2026.102722_b42","article-title":"Honeything: A new honeypot design for cpe devices","volume":"12","author":"Erdem","year":"2018","journal-title":"KSII Trans. Internet Inf. Syst."},{"key":"10.1016\/j.is.2026.102722_b43","series-title":"U-pot: A honeypot framework for upnp-based iot devices","author":"Hakim","year":"2018"},{"key":"10.1016\/j.is.2026.102722_b44","series-title":"IOP Conference Series: Materials Science and Engineering","article-title":"The performance of iot malware detection technique using feature selection and feature reduction in fog layer","volume":"Vol. 928","author":"Khammas","year":"2020"},{"key":"10.1016\/j.is.2026.102722_b45","doi-asserted-by":"crossref","DOI":"10.1016\/j.adhoc.2020.102098","article-title":"End-to-end malware detection for android IoT devices using deep learning","volume":"101","author":"Ren","year":"2020","journal-title":"Ad Hoc Netw."},{"key":"10.1016\/j.is.2026.102722_b46","series-title":"ICC 2020-2020 IEEE International Conference on Communications","first-page":"1","article-title":"IoTCMal: Towards a hybrid IoT honeypot for capturing and analyzing malware","author":"Wang","year":"2020"},{"key":"10.1016\/j.is.2026.102722_b47","series-title":"Soft computing for intelligent edge computing","author":"Hassan","year":"2022"},{"issue":"11","key":"10.1016\/j.is.2026.102722_b48","article-title":"Iotcandyjar: Towards an intelligent-interaction honeypot for iot devices","volume":"1","author":"Luo","year":"2017","journal-title":"Black Hat"},{"issue":"1","key":"10.1016\/j.is.2026.102722_b49","doi-asserted-by":"crossref","first-page":"88","DOI":"10.1109\/TSUSC.2018.2809665","article-title":"Robust malware detection for internet of (battlefield) things devices using deep eigenspace learning","volume":"4","author":"Azmoodeh","year":"2019","journal-title":"IEEE Trans. Sustain. Comput."},{"key":"10.1016\/j.is.2026.102722_b50","series-title":"2018 IEEE Conference on Communications and Network Security","first-page":"1","article-title":"Efficient signature generation for classifying cross-architecture IoT malware","author":"Alhanahnah","year":"2018"},{"issue":"4","key":"10.1016\/j.is.2026.102722_b51","doi-asserted-by":"crossref","first-page":"201","DOI":"10.4236\/jcc.2024.124015","article-title":"A lightweight iot malware detection and family classification method","volume":"12","author":"Wang","year":"2024","journal-title":"J. Comput. Commun."},{"issue":"4","key":"10.1016\/j.is.2026.102722_b52","doi-asserted-by":"crossref","first-page":"102","DOI":"10.3390\/fi14040102","article-title":"Detecting IoT attacks using an ensemble machine learning model","volume":"14","author":"Tomer","year":"2022","journal-title":"Future Internet"},{"issue":"19","key":"10.1016\/j.is.2026.102722_b53","doi-asserted-by":"crossref","first-page":"7409","DOI":"10.3390\/s22197409","article-title":"BoostedEnML: Efficient technique for detecting cyberattacks in IoT systems using boosted ensemble machine learning","volume":"22","author":"Okey","year":"2022","journal-title":"Sens."},{"issue":"23","key":"10.1016\/j.is.2026.102722_b54","doi-asserted-by":"crossref","first-page":"9305","DOI":"10.3390\/s22239305","article-title":"Malware detection in internet of things (IoT) devices using deep learning","volume":"22","author":"Riaz","year":"2022","journal-title":"Sens."},{"issue":"1","key":"10.1016\/j.is.2026.102722_b55","doi-asserted-by":"crossref","first-page":"15498","DOI":"10.1038\/s41598-022-18936-9","article-title":"IoT malware detection architecture using a novel channel boosted and squeezed CNN","volume":"12","author":"Asam","year":"2022","journal-title":"Sci. Rep."},{"issue":"2","key":"10.1016\/j.is.2026.102722_b56","first-page":"261","article-title":"Multichannel based IoT malware detection system using system calls and opcode sequences","volume":"19","author":"Manoharan","year":"2022","journal-title":"Int. Arab. J. Inf. Technol."},{"key":"10.1016\/j.is.2026.102722_b57","series-title":"2016 IEEE International Conference on Consumer Electronics","first-page":"155","article-title":"A hybrid malware detecting scheme for mobile android applications","author":"Liu","year":"2016"},{"issue":"1","key":"10.1016\/j.is.2026.102722_b58","article-title":"Automatic analysis architecture of IoT malware samples","volume":"2020","author":"Carrillo-Mondejar","year":"2020","journal-title":"Secur. Commun. Netw."},{"issue":"1","key":"10.1016\/j.is.2026.102722_b59","first-page":"1","article-title":"Iot malware: Comprehensive survey, analysis framework and case studies","volume":"1","author":"Costin","year":"2018","journal-title":"BlackHat USA"},{"key":"10.1016\/j.is.2026.102722_b60","series-title":"YARA documentation","author":"VirusTotal","year":"2022"},{"key":"10.1016\/j.is.2026.102722_b61","series-title":"ClamAV: Open source antivirus engine","author":"Talos","year":"2023"},{"key":"10.1016\/j.is.2026.102722_b62","series-title":"YARAify: YARA scan engine","author":"Abuse.ch","year":"2023"},{"key":"10.1016\/j.is.2026.102722_b63","series-title":"Strace - Linux syscall tracer","author":"Vitaly Chaykovsky","year":"2017"},{"key":"10.1016\/j.is.2026.102722_b64","series-title":"Sar(1) - Linux manual page","author":"Michael Kerrisk","year":"2025"},{"key":"10.1016\/j.is.2026.102722_b65","series-title":"MalwareBazaar","author":"Abuse.ch","year":"2026"},{"key":"10.1016\/j.is.2026.102722_b66","series-title":"REF6138: Rudedevil and Kaiji campaign targeting linux servers","author":"Labs","year":"2024"},{"issue":"10","key":"10.1016\/j.is.2026.102722_b67","doi-asserted-by":"crossref","first-page":"2636","DOI":"10.1080\/03610918.2014.931971","article-title":"Overview of Friedman\u2019s test and post-hoc analysis","volume":"44","author":"Pereira","year":"2015","journal-title":"Comm. Statist. Simulation Comput."},{"key":"10.1016\/j.is.2026.102722_b68","series-title":"Distribution-Free Multiple Comparisons","author":"Nemenyi","year":"1963"},{"issue":"4","key":"10.1016\/j.is.2026.102722_b69","doi-asserted-by":"crossref","first-page":"259","DOI":"10.1016\/0169-7439(89)80095-4","article-title":"Analysis of variance (ANOVA)","volume":"6","author":"St","year":"1989","journal-title":"Chemometr. Intell. Lab. Syst."}],"container-title":["Information Systems"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/api.elsevier.com\/content\/article\/PII:S0306437926000360?httpAccept=text\/xml","content-type":"text\/xml","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/api.elsevier.com\/content\/article\/PII:S0306437926000360?httpAccept=text\/plain","content-type":"text\/plain","content-version":"vor","intended-application":"text-mining"}],"deposited":{"date-parts":[[2026,4,30]],"date-time":"2026-04-30T13:44:01Z","timestamp":1777556641000},"score":1,"resource":{"primary":{"URL":"https:\/\/linkinghub.elsevier.com\/retrieve\/pii\/S0306437926000360"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2026,8]]},"references-count":69,"alternative-id":["S0306437926000360"],"URL":"https:\/\/doi.org\/10.1016\/j.is.2026.102722","relation":{"is-supplemented-by":[{"id-type":"uri","id":"https:\/\/www.unb.ca\/cic\/datasets\/ynu-iot-2026.html","asserted-by":"subject"}]},"ISSN":["0306-4379"],"issn-type":[{"value":"0306-4379","type":"print"}],"subject":[],"published":{"date-parts":[[2026,8]]},"assertion":[{"value":"Elsevier","name":"publisher","label":"This article is maintained by"},{"value":"CIC-YNU-IoTMal: A comprehensive multilayer dataset for static and dynamic analysis of IoT malware behavior","name":"articletitle","label":"Article Title"},{"value":"Information Systems","name":"journaltitle","label":"Journal Title"},{"value":"https:\/\/doi.org\/10.1016\/j.is.2026.102722","name":"articlelink","label":"CrossRef DOI link to publisher maintained version"},{"value":"article","name":"content_type","label":"Content Type"},{"value":"\u00a9 2026 The Author(s). Published by Elsevier Ltd.","name":"copyright","label":"Copyright"}],"article-number":"102722"}}