AIS for Malware Detection in a Realistic IoT System: Challenges and Opportunities

With the expansion of the digital world, the number of Internet of things (IoT) devices is evolving dramatically. IoT devices have limited computational power and a small memory. Consequently, existing and complex security methods are not suitable to detect unknown malware attacks in IoT networks. This has become a major concern in the advent of increasingly unpredictable and innovative cyberattacks. In this context, artificial immune systems (AISs) have emerged as an effective malware detection mechanism with low requirements for computation and memory. In this research, we first validate the malware detection results of a recent AIS solution using multiple datasets with different types of malware attacks. Next, we examine the potential gains and limitations of promising AIS solutions under realistic implementation scenarios. We design a realistic IoT framework mimicking real-life IoT system architectures. The objective is to evaluate the AIS solutions’ performance with regard to the system constraints. We demonstrate that AIS solutions succeed in detecting unknown malware in the most challenging conditions. Furthermore, the systemic results with different system architectures reveal the AIS solutions’ ability to transfer learning between IoT devices. Transfer learning is a pivotal feature in the presence of highly constrained devices in the network. More importantly, this work highlights that previously published AIS performance results, which were obtained in a simulation environment, cannot be taken at face value. In reality, AIS’s malware detection accuracy for IoT systems is 91% in the most restricted designed system compared to the 99% accuracy rate reported in the simulation experiment

Efficient Security Algorithm for Power Constrained IoT Devices

Internet of Things (IoT) devices characterized by low power and low processing capabilities do not exactly fit into the provision of existing security techniques, due to their constrained nature. Classical security algorithms which are built on complex cryptographic functions often require a level of processing that low power IoT devices are incapable to effectively achieve due to limited power and processing resources. Consequently, the option for constrained IoT devices lies in either developing new security schemes or modifying existing ones to be more suitable for constrained IoT devices. In this work, an Efficient security Algorithm for Constrained IoT devices; based on the Advanced Encryption Standard is proposed. We present a cryptanalytic overview of the consequence of complexity reduction together with a supporting mathematical justification, and provisioned a secure element (ATECC608A) as a trade-off. The ATECC608A doubles for authentication and guarding against implementation attacks on the associated IoT device (ARM Cortex M4 microprocessor) in line with our analysis. The software implementation of the efficient algorithm for constrained IoT devices shows up to 35% reduction in the time it takes to complete the encryption of a single block (16bytes) of plain text, in comparison to the currently used standard AES-128 algorithm, and in comparison to current results in literature at 26.6

Chemical Kinetic Insights into the Octane Number and Octane Sensitivity of Gasoline Surrogate Mixtures

Gasoline octane number is a significant empirical parameter for the optimization and development of internal combustion engines capable of resisting knock. Although extensive databases and blending rules to estimate the octane numbers of mixtures have been developed and the effects of molecular structure on autoignition properties are somewhat understood, a comprehensive theoretical chemistry-based foundation for blending effects of fuels on engine operations is still to be developed. In this study, we present models that correlate the research octane number (RON) and motor octane number (MON) with simulated homogeneous gas-phase ignition delay times of stoichiometric fuel/air mixtures. These correlations attempt to bridge the gap between the fundamental autoignition behavior of the fuel (e.g., its chemistry and how reactivity changes with temperature and pressure) and engine properties such as its knocking behavior in a cooperative fuels research (CFR) engine. The study encompasses a total of 79 hydrocarbon gasoline surrogate mixtures including 11 primary reference fuels (PRF), 43 toluene primary reference fuels (TPRF), and 19 multicomponent (MC) surrogate mixtures. In addition to TPRF mixture components of iso-octane/n-heptane/toluene, MC mixtures, including n-heptane, iso-octane, toluene, 1-hexene, and 1,2,4-trimethylbenzene, were blended and tested to mimic real gasoline sensitivity. ASTM testing protocols D-2699 and D-2700 were used to measure the RON and MON of the MC mixtures in a CFR engine, while the PRF and TPRF mixtures' octane ratings were obtained from the literature. The mixtures cover a RON range of 0-100, with the majority being in the 70-100 range. A parametric simulation study across a temperature range of 650-950 K and pressure range of 15-50 bar was carried out in a constant-volume homogeneous batch reactor to calculate chemical kinetic ignition delay times. Regression tools were utilized to find the conditions at which RON and MON best correlate with simulated ignition delay times. Furthermore, temperature and pressure dependences were investigated for fuels with varying octane sensitivity. This analysis led to the formulation of correlations useful to the definition of surrogates for modeling purposes and allowed one to identify conditions for a more in-depth understanding of the chemical phenomena controlling the antiknock behavior of the fuels

A novel negative and positive selection algorithm to detect unknown malware in the IoT

The Internet of Things (IoT) paradigm is a key enabler to many critical applications, thus demands reliable security measures. IoT devices have limited computational power, hence, are inadequate to carry rigorous security mechanisms. This paper proposes the Negative-Positive-Selection (NPS) method which uses an artificial immunity system technique for malware detection. NPS is suitable for the computation restrictions and security challenges associated with IoT. The performance of NPS is benchmarked against state-of-the-art malware detection schemes using a real dataset. Our results show a 21% improvement in malware detection and a 65% reduction in the number of detectors. NPS meets IoT-specific requirements as it outperforms other malware detection mechanisms whilst having less demanding computational requirements

Challenges of malware detection in the IoT and a review of artificial immune system approaches

The fast growth of the Internet of Things (IoT) and its diverse applications increase the risk of cyberattacks, one type of which is malware attacks. Due to the IoT devices’ different capabilities and the dynamic and ever-evolving environment, applying complex security measures is challenging, and applying only basic security standards is risky. Artificial Immune Systems (AIS) are intrusion-detecting algorithms inspired by the human body’s adaptive immune system techniques. Most of these algorithms imitate the human’s body B-cell and T-cell defensive mechanisms. They are lightweight, adaptive, and able to detect malware attacks without prior knowledge. In this work, we review the recent advances in employing AIS for the improved detection of malware in IoT networks. We present a critical analysis that highlights the limitations of the state-of-the-art in AIS research and offer insights into promising new research directions