I-MCM: IoT Malware Counter Measures for Cross-Architecture IoT Malware Detection

The recent attacks initiated by malware-infected IoT devices illustrate that these attacks have tremendous impacts not only on the targeted systems but also on the entire internet infrastructure. Due to the vast number of infected IoT devices, the Quality of Service of the target system can be severely hampered by DDoS attacks. Despite the severity of the threat, the security measures against IoT malware are highly limited, and mostly, users are unaware that their devices are infected by malware. Due to the constrained nature of IoT devices, high-resource-demanding anti-malware tools cannot be run on edge devices, and lightweight malware detection systems are highly needed to secure those devices against IoT malware. In this regard, we propose the I-MCM framework for IoT malware detection on IoT devices by utilizing Tiny ML techniques based on static malware analysis data. Our proposed I-MCM framework is capable of detecting IoT malware in a Raspberry Pi Node deployed with Random Forest Classifier in 7.87 s. (including file analysis and data preprocessing) with 99.8% accuracy and in an Arduino Nano 33 BLE Sense microcontroller deployed with a Tiny ANN model in 8.16 s. (including file analysis and data preprocessing) with 97.1% accuracy. Besides, the I-MCM framework can detect IoT malware regardless of CPU architecture with only one ML model by utilizing our Opcode Purification Technique. Last but not least, this research presents a cross-architecture IoT Malware dataset that includes both malware and benignware samples.