Abstract

The number of IoT devices on the Internet has surged recently, accompanied by a barrage of large-scale IoT malware infection outbreaks. Designing security mechanisms for IoT devices poses significant challenges due to constantly changing malware variants with numerous camouflage strategies, limited hardware resources, and heterogeneous architectures. In this article, we propose MIDAS, an adaptive safeguard framework for Linux-based IoT devices that defends against malware with a real-time behavior auditing mechanism. First, we construct a stable and abstract behavior paradigm through behavioral characteristic extraction from 115 970 malware samples. Then, based on the behavior paradigm, MIDAS can: 1) monitor suspicious behaviors of break-in programs in real time, driven by our built-in SELinux policy customized for malware defense; 2) aggregate the behaviors of a program's submodules with homology tracing; and 3) summarize these behaviors into abstract behavior pairs to unveil a possible IoT malware. Using this real-time behavior auditing, MIDAS can constrain mutating and camouflaged malware to protect disparate IoT devices from being compromised while maintaining low overheads. We thoroughly evaluated the defense capabilities of MIDAS. On the benchmark dataset, MIDAS successfully constrained up to 94.46%, 91.79%, and 88.34% of the 115 970 malware samples on ARM, MIPS, and MIPSEL architectures, respectively, with less than 1.8 MiB of memory consumption and 0.54% CPU usage. Furthermore, we deployed virtual IoT devices worldwide to examine the performance of MIDAS when defending against real-world attacks. Over a duration of 25 days, these devices suffered 971 951 attacks originating from 71 979 intruding malware samples and 48 805 unique IPs distributed across 167 countries.
For devices with MIDAS protection, the number of compromise incidents decreases by $343.1\times$, and the duration of continuous operation is $179.2\times$ greater than for devices without MIDAS on average. The evaluation results demonstrate that MIDAS can effectively safeguard IoT devices with minimal resource consumption.
