NURSE: eNd-UseR IoT malware detection tool for Smart homEs
Antoine d'Estalenx, Carlos H. Gañán

TL;DR
NURSE is a user-friendly, zero-configuration IoT malware detection tool that analyzes network traffic to identify infected devices in smart homes, addressing the heterogeneity and usability issues of existing solutions.
Contribution
This paper introduces NURSE, a modular, end-user oriented IoT malware detection tool that requires no network modifications and effectively identifies infected devices.
Findings
Achieved 86.7% accuracy in detecting malware-infected IoT devices.
Validated NURSE across 83 diverse IoT network scenarios.
Operates without hardware modifications or complex setup.
Abstract
Traditional techniques to detect malware infections were not meant to be used by the end-user and current malware removal tools and security software cannot handle the heterogeneity of IoT devices. In this paper, we design, develop and evaluate a tool, called NURSE, to fill this information gap, i.e., enabling end-users to detect IoT-malware infections in their home networks. NURSE follows a modular approach to analyze IoT traffic as captured by means of an ARP spoofing technique which does not require any network modification or specific hardware. Thus, NURSE provides zero-configuration IoT traffic analysis within everybody's reach. After testing NURSE in 83 different IoT network scenarios with a wide variety of IoT device types, results show that NURSE identifies malware-infected IoT devices with high accuracy (86.7%) using device network behavior and contacted destinations.
