SETTI: A Self-supervised Adversarial Malware Detection Architecture in an IoT Environment

TL;DR

This paper introduces SETTI, a self-supervised adversarial malware detection system for IoT networks that employs real-time attack techniques and defenses, improving malware detection accuracy in unlabeled IoT traffic data.

Contribution

It proposes a novel self-supervised adversarial architecture with three attack methods and a defense strategy, addressing real-time malware detection challenges in unlabeled IoT data.

Findings

Self-MDS reduces IoT23 accuracy from 98% to 74%.

ASelf-MDS reduces NBIoT accuracy from 98% to 77%.

The architecture effectively detects malware despite adversarial attacks.

Abstract

In recent years, malware detection has become an active research topic in the area of Internet of Things (IoT) security. The principle is to exploit knowledge from large quantities of continuously generated malware. Existing algorithms practice available malware features for IoT devices and lack real-time prediction behaviors. More research is thus required on malware detection to cope with real-time misclassification of the input IoT data. Motivated by this, in this paper we propose an adversarial self-supervised architecture for detecting malware in IoT networks, SETTI, considering samples of IoT network traffic that may not be labeled. In the SETTI architecture, we design three self-supervised attack techniques, namely Self-MDS, GSelf-MDS and ASelf-MDS. The Self-MDS method considers the IoT input data and the adversarial sample generation in real-time. The GSelf-MDS builds a generative adversarial network model to generate adversarial samples in the self-supervised structure. Finally, ASelf-MDS utilizes three well-known perturbation sample techniques to develop adversarial malware and inject it over the self-supervised architecture. Also, we apply a defence method to mitigate these attacks, namely adversarial self-supervised training to protect the malware detection architecture against injecting the malicious samples. To validate the attack and defence algorithms, we conduct experiments on two recent IoT datasets: IoT23 and NBIoT. Comparison of the results shows that in the IoT23 dataset, the Self-MDS method has the most damaging consequences from the attacker's point of view by reducing the accuracy rate from 98% to 74%. In the NBIoT dataset, the ASelf-MDS method is the most devastating algorithm that can plunge the accuracy rate from 98% to 77%.