Abstract

The sheer volume of IoT networks being deployed today presents a major “attack surface” and poses significant security risks at a scale never encountered before. In other words, a single IoT device/node that gets infected with malware has the potential to spread the malicious activity across the network, eventually halting network functionality or compromising the network. Simply detecting and quarantining the malware in IoT networks does not guarantee that malware propagation is prevented. On the other hand, traditional control theory is not effective for malware confinement, as most existing works either do not consider real-time malware control strategies that can be implemented using uncertain infection information from the nodes in the network, or decouple the containment problem from network performance. In response, in this work, we propose a two-pronged approach with malware detection at the node level and confinement of malware at the network level. We deploy a recently proposed lightweight runtime malware detector at the node level that employs Hardware Performance Counter (HPC) values for malware detection. This node-level malware information is combined with the malware propagation information and then fed at runtime to a stochastic predictive controller to confine the malware propagation without hampering network performance. Synthesizing the node-level malware information with the model predictive containment strategy achieves an average network throughput of nearly 200% of that of an IoT network without any defense, and up to 160% of that of a network with commonly employed state-of-the-art heuristic approaches for malware confinement. Furthermore, to scale with ever-increasing network topology sizes, we introduce a novel multi-attribute graph translation that can predict the network topology and node state information when provided with a snapshot of the topology and node-level malware infection. The proposed multi-attribute graph translation has <5.88 Root Mean Square Error (RMSE) compared to the model predictive containment strategy and has shown nearly constant graph translation time and limited resource utilization independent of the network size.

Highlights

  • The grand vision of the Internet-of-Things (IoT) boasts a fully connected global network connecting every imaginable thing together.

  • GRAPH TRANSLATION BASED MALWARE CONFINEMENT: In order to perform the graph translation, i.e., predict the graph instantaneously, which is similar to the graph predicted by the stochastic optimization solution, we propose to use a graph translation model to handle the malware epidemic confinement problem automatically.

  • EXPERIMENTAL RESULTS: We present the evaluation of the malware epidemic control with the aid of the proposed stochastic control technique and graph translation.

Summary

INTRODUCTION

The grand vision of the Internet-of-Things (IoT) boasts a fully connected global network connecting every imaginable thing together.

3) SCALABILITY OF TRADITIONAL MALWARE CONFINEMENT METHODS: Malware confinement formulated as a stochastic control and optimization problem, though effective (it is the solution to the previous challenge of malware confinement), requires malware propagation information to be predicted feed-forward in time to ensure that the trade-off between performance and malware infection is met. This incurs significant latencies, and it is limited to a few tens of nodes due to the complexity involved. Instead of directly solving the stochastic optimal control problem, which requires efficient methodologies for estimating and predicting the future malware propagation in the network graphs, our novel graph translation method mimics similar functionality: the future propagation graph topology and node status (malware probability) are predicted based on the current topology and node-level malware information.

FIXED-HORIZON STOCHASTIC OPTIMAL CONTROL PROBLEM
GRAPH TRANSLATION BASED MALWARE CONFINEMENT
MULTI-ATTRIBUTED GRAPH DISCRIMINATOR
EXPERIMENTAL RESULTS
MALWARE CONFINEMENT IN IoT NETWORK
GRAPH TRANSLATION
CONCLUSION
MALWARE PROPAGATION EVALUATION Throughput with Malware Propagation