Optimizing Malware Detection in IoT Networks: Leveraging Resource-Aware Distributed Computing for Enhanced Security

Sreenitha Kasarapu, Sanket Shukla, Sai Manoj Pudukotai Dinakarrao
2024-04-13
Abstract: In recent years, networked IoT systems have revolutionized connectivity, portability, and functionality, offering a myriad of advantages. However, these systems are increasingly targeted by adversaries due to inherent security vulnerabilities and limited computational and storage resources. Malicious applications, commonly known as malware, pose a significant threat to IoT devices and networks. While numerous malware detection techniques have been proposed, existing approaches often overlook the resource constraints inherent in IoT environments, assuming abundant resources for detection tasks. This oversight is compounded by ongoing workloads such as sensing and on-device computations, further diminishing available resources for malware detection. To address these challenges, we present a novel resource- and workload-aware malware detection framework integrated with distributed computing for IoT networks. Our approach begins by analyzing available resources for malware detection using a lightweight regression model. Depending on resource availability, ongoing workload executions, and communication costs, the malware detection task is dynamically allocated either on-device or offloaded to neighboring IoT nodes with sufficient resources. To safeguard data integrity and user privacy, rather than transferring the entire malware detection task, the classifier is partitioned and distributed across multiple nodes, and subsequently integrated at the parent node for comprehensive malware detection. Experimental analysis demonstrates the efficacy of our proposed technique, achieving a remarkable speed-up of 9.8x compared to on-device inference, while maintaining a high malware detection accuracy of 96.7%.
Cryptography and Security; Distributed, Parallel, and Cluster Computing
What problem does this paper attempt to address?
The problems that this paper attempts to solve mainly focus on malware detection in Internet of Things (IoT) devices, especially in resource-constrained environments. Specifically, the paper aims to address the following three main challenges:

1. **Real-time malware detection**: Existing malware detection techniques are divided into static analysis and dynamic analysis. Static analysis detects by analyzing the internal structure of malware binary files, while dynamic analysis performs functional tests in the runtime environment to identify malicious behaviors. Although dynamic analysis is more effective, existing methods cannot guarantee real-time detection because these methods involve a large number of computational tasks.
2. **Reliable feature extraction**: The effectiveness of malware detection depends on the features captured and analyzed. However, existing feature extraction methods may be unreliable. For example, hardware performance counter (HPC) information may be over-calculated or affected by other applications, resulting in non-determinism and unreliability. In addition, advanced malware techniques such as code obfuscation, metamorphism, and polymorphism further increase the challenges of feature reliability.
3. **Resource limitations of IoT devices**: IoT devices are usually designed to be portable and can only perform limited operations, so their resources are very limited. Most resources are used to execute user applications, which makes the resources required for security analysis (such as malware detection) scarce. Existing methods assume that all resources are available for security analysis, which is unrealistic in practical applications.

To address these challenges, the paper proposes a new resource-aware and workload-aware malware detection framework, combined with distributed computing to enhance security. The main features of this framework include:

- **Lightweight regression model**: It is used to analyze available resources and dynamically allocate malware detection tasks according to resource availability, ongoing workload, and communication costs.
- **Model parallelization**: The classifier is partitioned and distributed to multiple nodes to ensure data integrity and user privacy while improving detection efficiency.
- **Efficient resource utilization**: By optimizing resource allocation and task scheduling, it ensures efficient malware detection even in resource-constrained environments.

Experimental results show that this method can significantly accelerate malware detection (the speed is increased by 9.8 times) while maintaining high detection accuracy (96.7%).
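
The placement decision and the partition-then-integrate step described above, as an added Python sketch that is not code from the paper. The page does not say how the classifier is split, so splitting the first layer by feature columns is an assumption here, as are all weights, regression coefficients, thresholds and function names.

```python
# Added illustration: weights, regression coefficients, node loads and costs
# are constructed assumptions, not values or code from the paper.
W1 = [[0.5, -0.2, 0.1, 0.0],     # hidden layer: 3 neurons x 4 features
      [0.3, 0.8, -0.5, 0.2],
      [-0.4, 0.1, 0.9, 0.3]]
B1 = [0.0, 0.1, -0.1]
W2, B2 = [1.0, -1.5, 0.7], -0.2  # output layer producing the malware score

def partial_sums(cols, x_slice):
    """One node's share: it holds only W1 columns `cols` and sees only those features."""
    return [sum(row[c] * v for c, v in zip(cols, x_slice)) for row in W1]

def finish(pre_activation):
    """Parent-side integration: add bias, apply ReLU, run the output layer."""
    hidden = [max(0.0, s + b) for s, b in zip(pre_activation, B1)]
    return sum(w * h for w, h in zip(W2, hidden)) + B2

def infer_on_device(x):
    return finish(partial_sums(range(len(x)), x))

def predict_free(load, coef=(-0.7, -0.3), intercept=1.0):
    """Hypothetical linear regression: free-resource fraction from (sensing, compute) load."""
    return intercept + sum(c * l for c, l in zip(coef, load))

def place(local_load, neighbors, need=0.5, share_need=0.2, max_cost=5.0):
    """Return 'on-device', or the neighbor ids able to host one partition each."""
    if predict_free(local_load) >= need:
        return "on-device"
    ok = [n for n, (load, cost) in neighbors.items()
          if predict_free(load) >= share_need and cost <= max_cost]
    # No eligible neighbor: fall back to (slower) local inference.
    return sorted(ok, key=lambda n: neighbors[n][1]) or "on-device"

def infer_distributed(x, nodes):
    """Deal feature columns round-robin to `nodes`; the parent sums the partial results."""
    total = [0.0] * len(W1)
    for k in range(len(nodes)):
        cols = list(range(k, len(x), len(nodes)))
        part = partial_sums(cols, [x[c] for c in cols])  # would execute on nodes[k]
        total = [t + p for t, p in zip(total, part)]
    return finish(total)

def detect(x, local_load, neighbors, threshold=0.0):
    plan = place(local_load, neighbors)
    score = infer_on_device(x) if plan == "on-device" else infer_distributed(x, plan)
    return plan, score > threshold
```

Because the nonlinearity is applied only at the parent, the distributed score equals the on-device score up to floating-point rounding, and each neighbor receives only its slice of the feature vector.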