I. Introduction
Malware is malicious software created to access a computer or any other device and cause damage to it. Malicious programs try to find their way onto targeted systems, which, with the spread of IoT technology, are connected to the Internet most of the time, whether for work or for personal use. IoT technology is vulnerable to malware attacks, especially because IoT devices lack robust security measures [1]. To address this, different methods have been proposed that try to detect malware by relying on specific features within the apps. These features can be classified by type as either static or dynamic, depending on the nature of the detection method used [2] (i.e., signature-based, behavior-based or heuristic-based). Various methods and techniques have been proposed in the literature to strengthen the array of computer security measures, and the use of (deep) neural networks [3] and evolutionary algorithms (EAs) [4], [5] has been particularly prominent in recent work. These methods showed interesting results in detecting malware when assessed on static, stored malicious samples, but this is no longer the case when they are tested against new, unknown variants of malware. This can be explained by the lack of diversity in the malware samples. From another perspective, many works relied on machine learning classifiers [6] to set new detection rules, but those rules led to high percentages of false positives.
In this paper, we propose a two-step detection approach, named IMMU-Det, which is distinguished by its combination of a Memetic Algorithm (MA) and an Artificial Immune System (AIS) based algorithm that relies on a clonal selection process to generate a diverse population of immune cells (detectors in our case).
The first step generates a new set of “memes”: malicious variants (vectors of Application Programming Interface (API) calls) that serve, in the following step, as input (antigens) to the AIS-based algorithm, which in turn produces detectors. These detectors help reveal the true nature of unknown applications.