Evasion of IoT Malware Detection via Dummy Code Injection

• URL: http://arxiv.org/abs/2602.08170v1
• Date: Mon, 09 Feb 2026 00:18:23 GMT
• Title: Evasion of IoT Malware Detection via Dummy Code Injection
• Authors: Sahar Zargarzadeh, Mohammad Islam,
• Abstract summary: This work presents a novel adversarial strategy against power side-channel-based malware detection.<n>By injecting structured dummy code into the scanning phase of the Mirai botnet, we dynamically perturb power signatures to evade AI/ML-based anomaly detection.<n>Our approach systematically analyzes the trade-offs between stealthiness, execution overhead, and evasion effectiveness.
• Score: 0.0
• License: http://creativecommons.org/licenses/by/4.0/
• Abstract: The Internet of Things (IoT) has revolutionized connectivity by linking billions of devices worldwide. However, this rapid expansion has also introduced severe security vulnerabilities, making IoT devices attractive targets for malware such as the Mirai botnet. Power side-channel analysis has recently emerged as a promising technique for detecting malware activity based on device power consumption patterns. However, the resilience of such detection systems under adversarial manipulation remains underexplored. This work presents a novel adversarial strategy against power side-channel-based malware detection. By injecting structured dummy code into the scanning phase of the Mirai botnet, we dynamically perturb power signatures to evade AI/ML-based anomaly detection without disrupting core functionality. Our approach systematically analyzes the trade-offs between stealthiness, execution overhead, and evasion effectiveness across multiple state-of-the-art models for side-channel analysis, using a custom dataset collected from smartphones of diverse manufacturers. Experimental results show that our adversarial modifications achieve an average attack success rate of 75.2\%, revealing practical vulnerabilities in power-based intrusion detection frameworks.

Related papers

• Enhancing Adversarial Robustness of IoT Intrusion Detection via SHAP-Based Attribution Fingerprinting [5.35811141279537]
  We propose a novel adversarial detection model that enhances the robustness of IoT IDS against adversarial attacks.<n>We extract attribution fingerprints from network traffic features, enabling the IDS to reliably distinguish between clean and adversarially perturbed inputs.<n>We evaluate the model on a standard IoT benchmark dataset, where it significantly outperformed a state-of-the-art method in detecting adversarial attacks.
  arXiv  Detail & Related papers  (2025-11-09T02:56:54Z)
• Certifiably robust malware detectors by design [48.367676529300276]
  We propose a new model architecture for robust malware detection by design.<n>We show that every robust detector can be decomposed into a specific structure, which can be applied to learn empirically robust malware detectors.<n>Our framework ERDALT is based on this structure.
  arXiv  Detail & Related papers  (2025-08-10T09:19:29Z)
• MASKDROID: Robust Android Malware Detection with Masked Graph Representations [56.09270390096083]
  We propose MASKDROID, a powerful detector with a strong discriminative ability to identify malware. We introduce a masking mechanism into the Graph Neural Network based framework, forcing MASKDROID to recover the whole input graph. This strategy enables the model to understand the malicious semantics and learn more stable representations, enhancing its robustness against adversarial attacks.
  arXiv  Detail & Related papers  (2024-09-29T07:22:47Z)
• Optimizing Malware Detection in IoT Networks: Leveraging Resource-Aware Distributed Computing for Enhanced Security [0.6856683556201506]
  Malicious applications, commonly known as malware, pose a significant threat to IoT devices and networks. We present a novel resource- and workload-aware malware detection framework integrated with distributed computing for IoT networks.
  arXiv  Detail & Related papers  (2024-04-12T21:11:29Z)
• Enhancing IoT Malware Detection through Adaptive Model Parallelism and Resource Optimization [0.6856683556201506]
  This study introduces a novel approach to malware detection tailored for IoT devices. Based on resource availability, ongoing workload, and communication costs, the malware detection task is dynamically allocated either on-device or offloaded to neighboring IoT nodes. Experimental results demonstrate that this proposed technique achieves a significant speedup of 9.8 x compared to on-device inference.
  arXiv  Detail & Related papers  (2024-04-12T20:51:25Z)
• DRSM: De-Randomized Smoothing on Malware Classifier Providing Certified Robustness [58.23214712926585]
  We develop a certified defense, DRSM (De-Randomized Smoothed MalConv), by redesigning the de-randomized smoothing technique for the domain of malware detection. Specifically, we propose a window ablation scheme to provably limit the impact of adversarial bytes while maximally preserving local structures of the executables. We are the first to offer certified robustness in the realm of static detection of malware executables.
  arXiv  Detail & Related papers  (2023-03-20T17:25:22Z)
• Mate! Are You Really Aware? An Explainability-Guided Testing Framework for Robustness of Malware Detectors [49.34155921877441]
  We propose an explainability-guided and model-agnostic testing framework for robustness of malware detectors. We then use this framework to test several state-of-the-art malware detectors' abilities to detect manipulated malware. Our findings shed light on the limitations of current malware detectors, as well as how they can be improved.
  arXiv  Detail & Related papers  (2021-11-19T08:02:38Z)
• ML-based IoT Malware Detection Under Adversarial Settings: A Systematic Evaluation [9.143713488498513]
  This work systematically examines the state-of-the-art malware detection approaches, that utilize various representation and learning techniques. We show that software mutations with functionality-preserving operations, such as stripping and padding, significantly deteriorate the accuracy of such detectors.
  arXiv  Detail & Related papers  (2021-08-30T16:54:07Z)
• No Need to Know Physics: Resilience of Process-based Model-free Anomaly Detection for Industrial Control Systems [95.54151664013011]
  We present a novel framework to generate adversarial spoofing signals that violate physical properties of the system. We analyze four anomaly detectors published at top security conferences.
  arXiv  Detail & Related papers  (2020-12-07T11:02:44Z)
• Towards Obfuscated Malware Detection for Low Powered IoT Devices [0.11417805445492081]
  IoT and edge devices have become a new threat vector for malware authors. Due to their limited computational power and storage space, it is infeasible to deploy state-of-the-art malware detectors onto these systems. We propose using and extracting features from Markov matrices constructed from opcode traces as a low cost feature for unobfuscated and obfuscated malware detection.
  arXiv  Detail & Related papers  (2020-11-06T17:10:26Z)
• Adversarial vs behavioural-based defensive AI with joint, continual and active learning: automated evaluation of robustness to deception, poisoning and concept drift [62.997667081978825]
  Recent advancements in Artificial Intelligence (AI) have brought new capabilities to behavioural analysis (UEBA) for cyber-security. In this paper, we present a solution to effectively mitigate this attack by improving the detection process and efficiently leveraging human expertise.
  arXiv  Detail & Related papers  (2020-01-13T13:54:36Z)

This list is automatically generated from the titles and abstracts of the papers in this site.

This site does not guarantee the quality of this site (including all information) and is not responsible for any consequences.