Lightweight Node-level Malware Detection and Network-level Malware Confinement in IoT Networks

Dinakarrao, Sai Manoj Pudukotai; Sayadi, Hossein; Makrani, Hosein Mohammadi; Nowzari, Cameron; Rafatirad, Setareh; Homayoun, Houman

doi:10.23919/date.2019.8715057

Cited by 36 publications

(12 citation statements)

References 14 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…IoT technology has different characteristics, so that it has a more significant problem in detecting malware in real-time. The first challenge is developing a fast and lightweight detection system without using huge costs [9]. Second, developing energy-efficient detection systems with limited resources [18], and the third one is identifying known malware and new malware in real cyberattacks using a small dataset at the time of the experiment [20].…”

Section: Discussion and Analysismentioning

confidence: 99%

The trend malware source of IoT network

Susanto¹,

Arifin

Stiawan

et al. 2021

IJEECS

View full text Add to dashboard Cite

<span>Malware may disrupt the internet of thing (IoT) system/network when it resides in the network, or even harm the network operation. Therefore, malware detection in the IoT system/network becomes an important issue. Research works related to the development of IoT malware detection have been carried out with various methods and algorithms to increase detection accuracy. The majority of papers on malware literature studies discuss mobile networks, and very few consider malware on IoT networks. This paper attempts to identify problems and issues in IoT malware detection presents an analysis of each step in the malware detection as well as provides alternative taxonomy of literature related to IoT malware detection. The focuses of the discussions include malware repository dataset, feature extraction methods, the detection method itself, and the output of each conducted research. Furthermore, a comparison of malware classification approaches accuracy used by researchers in detecting malware in IoT is presented.</span>

show abstract

Section: Discussion and Analysismentioning

confidence: 99%

The trend malware source of IoT network

Susanto¹,

Arifin

Stiawan

et al. 2021

IJEECS

View full text Add to dashboard Cite

show abstract

“…Through this method, the size of each block header is roughly decreased to 200 bytes; meanwhile, the nodes can still verify the payments through the root hash. To further reduce the storage consumption, a new kind of nodes termed light-nodes is introduced in [13], [14]. In contrast to the traditional fullnodes who preserving the complete blocks, the light-nodes merely store the block headers.…”

Section: A Related Workmentioning

confidence: 99%

PartitionChain: A Scalable and Reliable Data Storage Strategy for Permissioned Blockchain

Qian

Pang

2023

IEEE Trans. Knowl. Data Eng.

View full text Add to dashboard Cite

Blockchain, a specific distributed database which maintains a list of data records against tampering and corruption, has aroused wide interests and become a hot topic in the real world. Nevertheless, the increasingly heavy storage consumption brought by the full-replication data storage mechanism, becomes a bottleneck to the system scalability. To address this problem, a reliable storage scheme named BFT-Store [1], integrating erasure coding with Byzantine Fault Tolerance (BFT), was proposed recently. While, three critical problems are still left open: (i) The complex re-initialization process of the blockchain when the number of nodes varies; (ii) The high computational overload of downloading data; (iii) The massive communication on the network.This paper proposes a better trade-off for blockchain storage scheme termed PartitionChain which addresses the above three problems, maintaining the merits of BFT-Store. Firstly, our scheme allows the original nodes to merely update a single aggregate signature (e.g., 320 bits) when the number of nodes varies. Using aggregate signatures as the proof of the encoded data not only saves the storage costs but also gets rid of the trusted third party. Secondly, the computational complexity of retrieving data by decoding, compared to BFT-Store, is greatly reduced by about 2 18 times on each node. Thirdly, the amount of transmitted data for recovering each block is reduced from O(n) (assuming n is the number of nodes) to O(1), by partitioning each block into smaller pieces and applying Reed-Solomon coding to each block. Furthermore, this paper also introduces a reputation ranking system where the malicious behaviors of the nodes can be detected and marked, enabling PartitionChain to check the credits of each node termly and expel the nodes with misbehavior to the specific extent. Comparing with BFT-Store, our scheme allows blockchain system to suit dynamic network with higher efficiency and scalability.

show abstract

“…Furthermore, they are unable to detect unknown threats making them unsuitable for devices with limited available computing and memory resources. The emergence of new malware threats requires patching or updating the software-based malware detection solutions (such as off-the-shelf anti-virus) that needs a vast amount of memory and hardware resources, which is not feasible for emerging computing systems especially in embedded mobile and IoT devices [3,14,15]. In addition, most of these advanced analysis techniques are architecture-dependent i.e., dependent on the underlying hardware, which makes the existing traditional malware detection techniques hard to import onto emerging embedded computing devices [4,14].…”

Section: Introductionmentioning

confidence: 99%

“…HMD methods reduce the latency of the detection process by order of magnitude with a small hardware overhead. In particular, recent studies have shown that malware can be differentiated from normal programs by classifying anomalies using Machine Learning (ML) techniques in low-level microarchitectural feature spaces captured by Hardware Performance Counters (HPCs) [4,[14][15][16][17][18][19][20][21][22] to appropriately represent the application behavior. The HPCs are special-purpose registers implemented into modern microprocessors to capture the trace of hardware-related events such as executed instructions, suffered cache-misses, or mispredicted branches for a running program [16,18,23].…”

Section: Introductionmentioning

confidence: 99%

Towards Accurate Run-Time Hardware-Assisted Stealthy Malware Detection: A Lightweight, yet Effective Time Series CNN-Based Approach

et al. 2021

Self Cite

View full text Add to dashboard Cite

According to recent security analysis reports, malicious software (a.k.a. malware) is rising at an alarming rate in numbers, complexity, and harmful purposes to compromise the security of modern computer systems. Recently, malware detection based on low-level hardware features (e.g., Hardware Performance Counters (HPCs) information) has emerged as an effective alternative solution to address the complexity and performance overheads of traditional software-based detection methods. Hardware-assisted Malware Detection (HMD) techniques depend on standard Machine Learning (ML) classifiers to detect signatures of malicious applications by monitoring built-in HPC registers during execution at run-time. Prior HMD methods though effective have limited their study on detecting malicious applications that are spawned as a separate thread during application execution, hence detecting stealthy malware patterns at run-time remains a critical challenge. Stealthy malware refers to harmful cyber attacks in which malicious code is hidden within benign applications and remains undetected by traditional malware detection approaches. In this paper, we first present a comprehensive review of recent advances in hardware-assisted malware detection studies that have used standard ML techniques to detect the malware signatures. Next, to address the challenge of stealthy malware detection at the processor’s hardware level, we propose StealthMiner, a novel specialized time series machine learning-based approach to accurately detect stealthy malware trace at run-time using branch instructions, the most prominent HPC feature. StealthMiner is based on a lightweight time series Fully Convolutional Neural Network (FCN) model that automatically identifies potentially contaminated samples in HPC-based time series data and utilizes them to accurately recognize the trace of stealthy malware. Our analysis demonstrates that using state-of-the-art ML-based malware detection methods is not effective in detecting stealthy malware samples since the captured HPC data not only represents malware but also carries benign applications’ microarchitectural data. The experimental results demonstrate that with the aid of our novel intelligent approach, stealthy malware can be detected at run-time with 94% detection performance on average with only one HPC feature, outperforming the detection performance of state-of-the-art HMD and general time series classification methods by up to 42% and 36%, respectively.

show abstract

Lightweight Node-level Malware Detection and Network-level Malware Confinement in IoT Networks

Cited by 36 publications

References 14 publications

The trend malware source of IoT network

The trend malware source of IoT network

PartitionChain: A Scalable and Reliable Data Storage Strategy for Permissioned Blockchain

Towards Accurate Run-Time Hardware-Assisted Stealthy Malware Detection: A Lightweight, yet Effective Time Series CNN-Based Approach

Contact Info

Product

Resources

About