Towards Obfuscated Malware Detection for Low Powered IoT Devices

TL;DR

This paper presents a low-cost, power-efficient method for detecting both unobfuscated and obfuscated malware on resource-constrained IoT devices by using features derived from Markov matrices of opcode traces.

Contribution

The authors introduce a novel malware detection approach for IoT devices that leverages Markov matrix features, enabling effective detection with minimal power consumption.

Findings

High detection rate maintained

Lower power consumption compared to similar methods

Effective against obfuscated malware

Abstract

With the increased deployment of IoT and edge devices into commercial and user networks, these devices have become a new threat vector for malware authors. It is imperative to protect these devices as they become more prevalent in commercial and personal networks. However, due to their limited computational power and storage space, especially in the case of battery-powered devices, it is infeasible to deploy state-of-the-art malware detectors onto these systems. In this work, we propose using and extracting features from Markov matrices constructed from opcode traces as a low cost feature for unobfuscated and obfuscated malware detection. We empirically show that our approach maintains a high detection rate while consuming less power than similar work.