Evasion of IoT Malware Detection via Dummy Code Injection
Sahar Zargarzadeh, Mohammad Islam

TL;DR
This paper introduces a novel adversarial dummy code injection technique that effectively evades power side-channel malware detection in IoT devices, exposing vulnerabilities in current AI/ML-based security systems.
Contribution
It proposes a new adversarial strategy involving dummy code injection during malware scanning to evade power-based detection, demonstrating significant attack success rates.
Findings
Achieves an average attack success rate of 75.2%
Systematically analyzes trade-offs between stealthiness and effectiveness
Reveals vulnerabilities in existing power-based malware detection methods
Abstract
The Internet of Things (IoT) has revolutionized connectivity by linking billions of devices worldwide. However, this rapid expansion has also introduced severe security vulnerabilities, making IoT devices attractive targets for malware such as the Mirai botnet. Power side-channel analysis has recently emerged as a promising technique for detecting malware activity based on device power consumption patterns. However, the resilience of such detection systems under adversarial manipulation remains underexplored. This work presents a novel adversarial strategy against power side-channel-based malware detection. By injecting structured dummy code into the scanning phase of the Mirai botnet, we dynamically perturb power signatures to evade AI/ML-based anomaly detection without disrupting core functionality. Our approach systematically analyzes the trade-offs between stealthiness, execution…
Taxonomy
Topics: Advanced Malware Detection Techniques · Security and Verification in Computing · Network Security and Intrusion Detection
