Base Semantics - Rule Set

The rapid evolution of malware variants has increasingly undermined traditional signature-based detection techniques, which are easily evaded through obfuscation and polymorphism that preserve malicious functionality. This challenge is particularly acute in Internet of Things (IoT) environments, where device heterogeneity, resource constraints, and large-scale deployment limit the adoption of heavyweight security mechanisms. As a result, IoT systems have become prime targets for sophisticated malware campaigns, including botnets, ransomware, and spyware, highlighting the need for adaptive, lightweight, and behaviourally robust detection approaches. This paper addresses a fundamental limitation of existing malware detection systems by exploiting persistent semantic characteristics that remain invariant across evolving variants within malware families. A comprehensive methodology combining static, dynamic, and memory analysis is employed to extract core semantic features that capture essential malicious behaviours. These features are used to construct compact semantic signatures capable of detecting previously unseen and zero-day variants within the same family. Extensive experimental evaluation demonstrates that the proposed approach significantly improves detection accuracy while reducing the size of the signature database. Comparative analysis against three state-of-the-art anti-malware tools shows superior accuracy, lower memory overhead, and faster scanning performance. Overall, this work provides a robust and scalable semantic-based detection framework for both host-based and IoT security systems in an evolving malware landscape.