ThingNet: A Lightweight Real-time Mirai IoT Variants Hunter through CPU Power Fingerprinting
Zhuoran Lia and Dan Zhaob
Department of Computer Science Old Dominion University
azli003@odu.edu
bdzhao@odu.edu
ABSTRACT
Internet of Things (IoT) devices have become attractive targets of cyber criminals, whereas attackers have been leveraging these vulnerable devices most notably via the infamous Mirai-based botnets, accounting for nearly 90% of IoT malware attacks in 2022. In this work, we propose a robust, universal and non-invasive Mirai-based malware detection engine employing a compact deep neural network architecture. Our design allows programmatic collection of CPU power footprints with integrated current sensors under various device states, such as idle, service and attack. A lightweight online inference model is deployed in the CPU for on-the-fly classification. Our model is robust against noisy environment with a lucid design of noise reduction function. This work appears to be the first step towards a viable CPU malware detection engine based on power fingerprinting. The extensive simulation study under ARM architecture that is widely used in IoT devices, demonstrates a high detection accuracy of 99.1% at a speed less than 1ms. By analyzing Mirai-based infection under distinguishable phases for power feature extraction, our model has further demonstrated an accuracy of 96.3% on model-unknown variants detection.
Keywords: Mirai Iot Variants Detection, Power Side-Channel Auditing, Lightweight Deep Learning, Noise Reduction.
