Lightweight Node-level Malware Detection and Network-level Malware Confinement in IoT Networks

Sai Manoj Pudukotai Dinakarrao (1, spudukot@gmu.edu), Hossein Sayadi (1, hsayadi@gmu.edu), Hosein Mohammadi Makrani (1, hmohamm8@gmu.edu), Cameron Nowzari (1, cnowzari@gmu.edu), Setareh Rafatirad (2, srafatir@gmu.edu) and Houman Homayoun (1, hhomayou@gmu.edu)

1 Department of Electrical and Computer Engineering, George Mason University, Fairfax VA, USA
2 Department of Information Sciences and Technology, George Mason University, Fairfax VA, USA

ABSTRACT

The sheer size of IoT networks being deployed today presents an “attack surface” and poses significant security risks at a scale never before encountered. A single device/node in a network that becomes infected with malware can spread that malware across the network, eventually halting network functionality. Simply detecting and quarantining the malware in IoT networks does not guarantee that its propagation is prevented. On the other hand, the use of traditional control theory for malware confinement is not effective, as most existing works either do not consider real-time malware control strategies that can be implemented using uncertain infection information of the nodes in the network, or treat the containment problem decoupled from network performance. In this work, we propose a two-pronged approach: a runtime malware detector (HaRM) that employs Hardware Performance Counter (HPC) values to distinguish malware from benign applications is devised, and its output is fed at runtime to a stochastic model predictive controller that confines malware propagation without hampering network performance. With the proposed solution, a runtime malware detection accuracy of 92.21% with a runtime of 10ns is achieved, which is an order of magnitude faster than existing malware detection solutions. Synthesizing this output with the model predictive containment strategy leads to an average network throughput of nearly 200% of that of IoT networks without any embedded defense.
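The abstract describes a pipeline in which an HPC-based node-level detector produces (uncertain) infection evidence that a network-level predictive controller consumes to decide which nodes to cut off while keeping throughput up. The toy below is an added example of that two-stage structure, not the paper's HaRM detector or its stochastic MPC. Everything in it is an assumption chosen for illustration: the three counter names, the nearest-centroid classifier standing in for the paper's detector, a one-step SIS-style expected-spread model, and a greedy controller that minimises expected new infections plus a weighted throughput penalty. The HPC readings and the six-node topology are constructed sample data.

```python
"""Node-level HPC detector feeding a network-level confinement controller.
Added illustration of the two-pronged scheme; not the paper's code."""
import math

# Assumed counter names; the paper's actual HPC feature set is not given in the abstract.
HPC_FEATURES = ("branch_misses", "cache_misses", "instructions")


# ---- Stage 1: lightweight node-level detector (nearest centroid, assumed) ----
def train_centroid_detector(samples):
    """samples: list of (hpc_vector, label) with label 1 = malware, 0 = benign.
    Scales each feature by its max and stores one centroid per class."""
    n = len(HPC_FEATURES)
    scale = [max(abs(v[i]) for v, _ in samples) or 1.0 for i in range(n)]
    by_label = {0: [], 1: []}
    for vec, label in samples:
        by_label[label].append([vec[i] / scale[i] for i in range(n)])
    centroids = {lab: [sum(v[i] for v in vecs) / len(vecs) for i in range(n)]
                 for lab, vecs in by_label.items()}
    return {"centroids": centroids, "scale": scale}


def infection_probability(model, vec):
    """Soft score in [0, 1]: relative closeness to the malware centroid.
    This is the 'uncertain infection information' the controller consumes."""
    x = [vec[i] / model["scale"][i] for i in range(len(vec))]
    d = {lab: math.dist(x, c) for lab, c in model["centroids"].items()}
    return d[0] / (d[0] + d[1] + 1e-12)


# ---- Stage 2: network-level confinement under a throughput penalty ----
def expected_new_infections(adj, prob, isolated, beta):
    """One-step expectation: a non-isolated node j is infected by each non-isolated
    neighbour i independently with probability beta * prob[i]."""
    total = 0.0
    for j, nbrs in adj.items():
        if j in isolated:
            continue
        p_clean = 1.0
        for i in nbrs:
            if i not in isolated:
                p_clean *= 1.0 - beta * prob[i]
        total += (1.0 - prob[j]) * (1.0 - p_clean)
    return total


def throughput(adj, isolated):
    """Fraction of links still usable after cutting every link of isolated nodes."""
    total = sum(len(n) for n in adj.values()) / 2
    live = sum(1 for u in adj for v in adj[u]
               if u < v and u not in isolated and v not in isolated)
    return live / total if total else 1.0


def confinement_cost(adj, prob, isolated, beta, weight):
    """Objective traded off by the controller: expected spread + weight * lost throughput."""
    return expected_new_infections(adj, prob, isolated, beta) + weight * (1.0 - throughput(adj, isolated))


def plan_confinement(adj, prob, beta=0.5, weight=1.0):
    """Greedy one-step predictive controller: isolate the node that lowers the cost the
    most, and stop when no single additional isolation pays for its throughput loss."""
    isolated = set()
    current = confinement_cost(adj, prob, isolated, beta, weight)
    while True:
        best, best_cost = None, current
        for v in adj:
            if v in isolated:
                continue
            cost = confinement_cost(adj, prob, isolated | {v}, beta, weight)
            if cost < best_cost - 1e-12:
                best, best_cost = v, cost
        if best is None:
            return isolated
        isolated.add(best)
        current = best_cost


def run_example():
    """Constructed end-to-end run: train, score each node's HPC reading, then plan."""
    training = [((100, 200, 10000), 0), ((120, 180, 9500), 0), ((90, 220, 10500), 0),
                ((900, 1500, 4000), 1), ((850, 1600, 4200), 1), ((950, 1400, 3800), 1)]
    model = train_centroid_detector(training)
    # Constructed live readings; node 1 looks like the malware training samples.
    readings = {0: (105, 195, 9900), 1: (880, 1450, 4100), 2: (110, 190, 9800),
                3: (95, 210, 10200), 4: (115, 205, 9700), 5: (100, 200, 10000)}
    prob = {node: infection_probability(model, vec) for node, vec in readings.items()}
    # Constructed topology: node 0 is a hub, 4-5 is a side branch.
    adj = {0: {1, 2, 3, 4}, 1: {0, 2}, 2: {0, 1}, 3: {0}, 4: {0, 5}, 5: {4}}
    isolated = plan_confinement(adj, prob)
    return {"probabilities": prob, "isolated": isolated,
            "throughput": throughput(adj, isolated),
            "expected_spread": expected_new_infections(adj, prob, isolated, 0.5)}


if __name__ == "__main__":
    result = run_example()
    for node, p in sorted(result["probabilities"].items()):
        print(f"node {node}: infection probability {p:.3f}")
    print("isolate:", sorted(result["isolated"]), "throughput:", round(result["throughput"], 3))
```

The weight parameter is what couples containment to network performance: with a large weight the controller tolerates more expected spread to keep links alive, with a small one it cuts aggressively. On the constructed data it isolates only node 1, the suspicious one, leaving four of six links (two thirds of the throughput) usable rather than severing the hub.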

Keywords: Malware detection, IoT networks, Malware propagation, Malware confinement, Network security.
