MADEA: A Malware Detection Architecture for IoT blending Network Monitoring and Device Attestation

• URL: http://arxiv.org/abs/2502.15098v1
• Date: Thu, 20 Feb 2025 23:37:00 GMT
• Title: MADEA: A Malware Detection Architecture for IoT blending Network Monitoring and Device Attestation
• Authors: Renascence Tarafder Prapty, Rahmadi Trimananda, Sashidhar Jakkamsetti, Gene Tsudik, Athina Markopoulou,
• Abstract summary: MADEA is the first system that blends RA and TA to offer a comprehensive approach to malware detection for the IoT ecosystem.<n>It achieves a 100% true positive rate and 160x faster detection time.<n>Without MADEA, effective periodic RA can consume at least 14x the amount of energy that a device needs in one hour.
• Score: 13.039357655135145
• License: http://creativecommons.org/licenses/by/4.0/
• Abstract: Internet-of-Things (IoT) devices are vulnerable to malware and require new mitigation techniques due to their limited resources. To that end, previous research has used periodic Remote Attestation (RA) or Traffic Analysis (TA) to detect malware in IoT devices. However, RA is expensive, and TA only raises suspicion without confirming malware presence. To solve this, we design MADEA, the first system that blends RA and TA to offer a comprehensive approach to malware detection for the IoT ecosystem. TA builds profiles of expected packet traces during benign operations of each device and then uses them to detect malware from network traffic in real-time. RA confirms the presence or absence of malware on the device. MADEA achieves 100% true positive rate. It also outperforms other approaches with 160x faster detection time. Finally, without MADEA, effective periodic RA can consume at least ~14x the amount of energy that a device needs in one hour.

Related papers

• Detecting Hardware Trojans in Microprocessors via Hardware Error Correction Code-based Modules [49.1574468325115]
  Hardware Trojans (HTs) enable attackers to execute unauthorized software or gain illicit access to privileged operations.<n>This manuscript introduces a hardware-based methodology for detecting runtime HT activations using Error Correction Codes (ECCs) on a RISC-V microprocessor.
  arXiv  Detail & Related papers  (2025-06-18T12:37:14Z)
• Optimizing Malware Detection in IoT Networks: Leveraging Resource-Aware Distributed Computing for Enhanced Security [0.6856683556201506]
  Malicious applications, commonly known as malware, pose a significant threat to IoT devices and networks. We present a novel resource- and workload-aware malware detection framework integrated with distributed computing for IoT networks.
  arXiv  Detail & Related papers  (2024-04-12T21:11:29Z)
• Enhancing IoT Malware Detection through Adaptive Model Parallelism and Resource Optimization [0.6856683556201506]
  This study introduces a novel approach to malware detection tailored for IoT devices. Based on resource availability, ongoing workload, and communication costs, the malware detection task is dynamically allocated either on-device or offloaded to neighboring IoT nodes. Experimental results demonstrate that this proposed technique achieves a significant speedup of 9.8 x compared to on-device inference.
  arXiv  Detail & Related papers  (2024-04-12T20:51:25Z)
• Classification of cyber attacks on IoT and ubiquitous computing devices [49.1574468325115]
  This paper provides a classification of IoT malware. Major targets and used exploits for attacks are identified and referred to the specific malware. The majority of current IoT attacks continue to be of comparably low effort and level of sophistication and could be mitigated by existing technical measures.
  arXiv  Detail & Related papers  (2023-12-01T16:10:43Z)
• MalIoT: Scalable and Real-time Malware Traffic Detection for IoT Networks [6.426881566121233]
  The system can handle the exponential growth of IoT devices thanks to the usage of distributed systems like Apache Kafka and Apache Spark. These technologies work together to create a system that can give scalable performance and high accuracy.
  arXiv  Detail & Related papers  (2023-04-02T20:47:08Z)
• A survey on hardware-based malware detection approaches [45.24207460381396]
  Hardware-based malware detection approaches leverage hardware performance counters and machine learning prowess. We meticulously analyze the approach, unraveling the most common methods, algorithms, tools, and datasets that shape its contours. The discussion extends to crafting mixed hardware and software approaches for collaborative efficacy, essential enhancements in hardware monitoring units, and a better understanding of the correlation between hardware events and malware applications.
  arXiv  Detail & Related papers  (2023-03-22T13:00:41Z)
• DRSM: De-Randomized Smoothing on Malware Classifier Providing Certified Robustness [58.23214712926585]
  We develop a certified defense, DRSM (De-Randomized Smoothed MalConv), by redesigning the de-randomized smoothing technique for the domain of malware detection. Specifically, we propose a window ablation scheme to provably limit the impact of adversarial bytes while maximally preserving local structures of the executables. We are the first to offer certified robustness in the realm of static detection of malware executables.
  arXiv  Detail & Related papers  (2023-03-20T17:25:22Z)
• MAPLE-X: Latency Prediction with Explicit Microprocessor Prior Knowledge [87.41163540910854]
  Deep neural network (DNN) latency characterization is a time-consuming process. We propose MAPLE-X which extends MAPLE by incorporating explicit prior knowledge of hardware devices and DNN architecture latency.
  arXiv  Detail & Related papers  (2022-05-25T11:08:20Z)
• MAPLE-Edge: A Runtime Latency Predictor for Edge Devices [80.01591186546793]
  We propose MAPLE-Edge, an edge device-oriented extension of MAPLE, the state-of-the-art latency predictor for general purpose hardware. Compared to MAPLE, MAPLE-Edge can describe the runtime and target device platform using a much smaller set of CPU performance counters. We also demonstrate that unlike MAPLE which performs best when trained on a pool of devices sharing a common runtime, MAPLE-Edge can effectively generalize across runtimes.
  arXiv  Detail & Related papers  (2022-04-27T14:00:48Z)
• SETTI: A Self-supervised Adversarial Malware Detection Architecture in an IoT Environment [20.586904296213007]
  We propose an adversarial self-supervised architecture for detecting malware in Internet of Things networks, SETTI. In the SETTI architecture, we design three self-supervised attack techniques, namely Self-MDS, GSelf-MDS and ASelf-MDS. To validate the attack and defence algorithms, we conduct experiments on two recent IoT datasets: IoT23 and NBIoT.
  arXiv  Detail & Related papers  (2022-04-16T10:10:59Z)
• Mate! Are You Really Aware? An Explainability-Guided Testing Framework for Robustness of Malware Detectors [49.34155921877441]
  We propose an explainability-guided and model-agnostic testing framework for robustness of malware detectors. We then use this framework to test several state-of-the-art malware detectors' abilities to detect manipulated malware. Our findings shed light on the limitations of current malware detectors, as well as how they can be improved.
  arXiv  Detail & Related papers  (2021-11-19T08:02:38Z)
• Towards Obfuscated Malware Detection for Low Powered IoT Devices [0.11417805445492081]
  IoT and edge devices have become a new threat vector for malware authors. Due to their limited computational power and storage space, it is infeasible to deploy state-of-the-art malware detectors onto these systems. We propose using and extracting features from Markov matrices constructed from opcode traces as a low cost feature for unobfuscated and obfuscated malware detection.
  arXiv  Detail & Related papers  (2020-11-06T17:10:26Z)
• Being Single Has Benefits. Instance Poisoning to Deceive Malware Classifiers [47.828297621738265]
  We show how an attacker can launch a sophisticated and efficient poisoning attack targeting the dataset used to train a malware classifier. As opposed to other poisoning attacks in the malware detection domain, our attack does not focus on malware families but rather on specific malware instances that contain an implanted trigger. We propose a comprehensive detection approach that could serve as a future sophisticated defense against this newly discovered severe threat.
  arXiv  Detail & Related papers  (2020-10-30T15:27:44Z)

This list is automatically generated from the titles and abstracts of the papers in this site.

This site does not guarantee the quality of this site (including all information) and is not responsible for any consequences.