A prototype implementation and evaluation of the malware detection mechanism for IoT devices using the processor information

Abstract

Due to the popularization of Internet of Things (IoT) devices, numerous and varied devices have been connected to the Internet. While various devices including home appliances operate via the Internet, attacks targeting many IoT devices are increasing because the vulnerabilities exist in them. Furthermore, there is a problem that introducing a security mechanism as software is difficult because they have few hardware resources. Therefore, a security mechanism which does not consume hardware resources such as CPU and memory is required. We propose a malware detection mechanism using values extracted from the processor. We aim to offload the malware detection mechanism to hardware by using the processor information and aim to suppress the consumption of hardware resources. In this paper, we implemented a prototype of our proposed mechanism using QEMU, which is a virtual machine. We show that our proposed mechanism can classify malware or benign programs by using the processor information as well as detect malware variant belonging to the same family.