Detecting IoT Malware Using Deep-Learning

December 7, 2020

The faculty team of Drs. Hongxin Hu, Feng Luo, Long Cheng, Hai Xiao, and Rong Ge are tackling the problem of detecting malware in the Internet of Things through non-intrusive and Deep Learning-based methods on power side channels.

The vulnerability of Internet of Things (IoT) devices to malware attacks poses huge challenges to current Internet security. IoT malware attacks usually consist of three stages: intrusion, infection and monetization. Existing approaches to IoT malware detection cannot effectively identify the malicious activities executed at the intrusion and infection stages, and thus cannot help stop potential attacks in time.

The work has developed DeepPower, a non-intrusive approach that infers the malicious activities of IoT malware by analyzing power side-channel signals with deep learning. DeepPower first filters the raw power signals of IoT devices to obtain suspicious signals, and then performs a fine-grained analysis on these signals to infer the corresponding activities executed inside the devices. DeepPower determines whether there is an ongoing malware infection by conducting a correlation analysis on the identified activities. The team implemented a prototype of DeepPower using low-cost sensors and devices and evaluated its effectiveness against real-world IoT malware on commodity IoT devices. Experimental results demonstrate that DeepPower is able to detect infection activities of different IoT malware with high accuracy without any changes to the monitored devices.

A paper on this work is: Fei Ding, Hongda Li, Feng Luo, Hongxin Hu, Long Cheng, Hai Xiao, Rong Ge. “DeepPower: Non-intrusive and Deep Learning-based Detection of IoT Malware Using Power Side Channels”, Proceedings of the 15th ACM Asia Conference on Computer and Communications Security (Asia CCS 20), pages 33-46, October 2020.