Methods for Detecting Malware Threats in the Industrial IoT Network
Computer Sciences and Information Technology
Literature Review
According to Sharmeen et al. (2018), the smart-industry arena, characterized by an extensive integration of industrial Internet of Things (IoT) networks, is prone to various malware threats that compromise the safety and security of its information, the identity of its users, and the resources it utilizes.
Ngo et al. (2020) further indicate that, because of the complexity of the design and implementation of IoT devices' hardware and software, combined with a lack of proper security functions and capacities, these networks have become attractive targets for cybercriminals, who exploit vulnerabilities such as weak authentication, outdated firmware, and malware.
While powerful computing devices can detect malware through sophisticated tooling, IoT device networks have limited resources. Traditional cybersecurity systems are not adequate to detect small attacks, especially because they require constant updating (Waheed et al., 2020). This exacerbates the security challenges within IoT devices.
There are numerous security challenges in Industrial IoT networks, including the presence of vulnerable components, increased connectivity, IT/OT convergence, legacy control systems, human factors, and security updates (European Union Agency For Network and Information Security, 2018). Each of these issues requires its own security approach to ensure that the risk of cyberattacks is mitigated.
The primary function of industrial IoT networks is communication. However, they also share the underlying security risks of Cyber-Physical Systems (CPS), in which high vulnerability risks are often neglected in IoT device designs (Dinakarrao et al., 2018). This further increases the exposure to security attacks, yet it is not feasible to deploy software-based malware detection approaches because of the devices' limited resources. Furthermore, IoT devices become a potential target for cyberattacks because malware can propagate via connected networks that have no built-in defense measures.
Notably, this security challenge has prompted researchers to study IoT malware extensively. According to Phu et al. (2019), the methods identified for detecting malware fall into two categories. The first comprises static methods, which analyze and detect malicious files without executing them. The second comprises dynamic analytic approaches, which monitor executable files as they run in order to point out any abnormal behaviors (Phu et al., 2019). The static approach has the limitation that it cannot detect complex and polymorphic malware; hence it is complemented by dynamic analytic methods.
Methodologies
Machine Learning Techniques
These approaches identify patterns of specific features in malware code or behavior, thus differentiating malware from non-malicious applications (Azmoodeh et al., 2019). Among them are the neural network and decision tree techniques utilized to detect malware covert communications.
Machine learning techniques can also be adapted to detect malware from the power usage patterns of IoT nodes, for instance Android devices. The process entails recording the power usage of a particular device, dividing it into subsamples, classifying each subsample, and aggregating the outputs, which increases the detection rate.
The method is based on the notion that there is a significant difference between the power consumption patterns of malware and those of benign applications. Nonetheless, since these patterns are not predictable and are determined by numerous factors, such as file content and encryption algorithms, it is important to distribute the samples into a feature space. Linear classification algorithms are then applied, such as the k-Nearest Neighbor (KNN) classifier, which uses Dynamic Time Warping (DTW) as its distance measure (Azmoodeh et al., 2019).
This method has proven effective because the unique local fingerprint of the malware's energy consumption helps differentiate it from non-malicious applications. The energy consumption sequence of each application is divided into several subsequences of power utilization, which are then aggregated into subsamples with class labels. This approach achieved a detection rate of 95.65% with a precision of 89.19% (Azmoodeh et al., 2019). Deploying the approach in IoT networks will aid in the evaluation and refinement of their security.
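The subsample-classify-aggregate pipeline described above, written out as an added example (it is not code from Azmoodeh et al. or any other cited source). Each power trace is cut into fixed-length subsamples, every subsample is classified by a k-NN whose distance is Dynamic Time Warping, and the per-subsample decisions are combined by majority vote. The traces are constructed to mimic an idling benign app and a sustained encryption plateau; real measurements would be noisier and the window length would be tuned.

```python
"""Energy-footprint malware detection: record a power trace, split it into
fixed-length subsamples, classify each subsample with a k-NN whose distance is
Dynamic Time Warping (DTW), and aggregate the per-subsample decisions by
majority vote. Added example: the power traces are constructed, not measured."""
import random
from collections import Counter


def dtw_distance(a, b):
    """Dynamic Time Warping distance: aligns two sequences that may be stretched
    or shifted in time, which a plain point-wise distance would penalize."""
    n, m = len(a), len(b)
    inf = float("inf")
    cost = [[inf] * (m + 1) for _ in range(n + 1)]
    cost[0][0] = 0.0
    for i in range(1, n + 1):
        for j in range(1, m + 1):
            d = abs(a[i - 1] - b[j - 1])
            cost[i][j] = d + min(cost[i - 1][j],      # insertion
                                 cost[i][j - 1],      # deletion
                                 cost[i - 1][j - 1])  # match
    return cost[n][m]


def subsample(trace, length):
    """Split one long trace into non-overlapping windows of `length` samples."""
    return [trace[i:i + length] for i in range(0, len(trace) - length + 1, length)]


def knn_predict(query, train, k=3):
    """Majority label among the k training subsamples nearest to `query` under
    DTW. `train` is a list of (subsample, label) pairs."""
    nearest = sorted(train, key=lambda item: dtw_distance(query, item[0]))[:k]
    return Counter(label for _, label in nearest).most_common(1)[0][0]


def classify_trace(trace, train, length, k=3):
    """Classify every subsample of a trace and aggregate by majority vote.
    Returns (final_label, per_subsample_votes)."""
    votes = [knn_predict(s, train, k) for s in subsample(trace, length)]
    return Counter(votes).most_common(1)[0][0], votes


def make_trace(kind, n, rng):
    """Constructed traces in arbitrary power units: a benign app idles near 1.0
    with occasional short bursts; a crypto-ransomware-like app holds a sustained
    high plateau while it encrypts."""
    if kind == "benign":
        return [1.0 + 0.1 * rng.random() + (0.6 if rng.random() < 0.1 else 0.0)
                for _ in range(n)]
    return [2.0 + 0.3 * rng.random() for _ in range(n)]


def build_training_set(rng, traces_per_class=3, trace_len=64, length=8):
    """Every subsample inherits the class label of the trace it came from."""
    train = []
    for label in ("benign", "malware"):
        for _ in range(traces_per_class):
            for s in subsample(make_trace(label, trace_len, rng), length):
                train.append((s, label))
    return train


def demo(seed=7):
    """Train on constructed traces and classify one unseen trace per class."""
    rng = random.Random(seed)
    train = build_training_set(rng)
    results = {}
    for label in ("benign", "malware"):
        final, _votes = classify_trace(make_trace(label, 64, rng), train, 8)
        results[label] = final
    return results


if __name__ == "__main__":
    print(demo())  # {'benign': 'benign', 'malware': 'malware'}
```

Aggregating votes across subsamples is what makes the scheme tolerant to a few misclassified windows: a benign burst that happens to look like encryption in one window is outvoted by the rest of the trace.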
Blockchain Technology
Blockchain technologies have been identified as providing security to numerous communication environments (Wazid et al., 2019), owing to their decentralized, efficient, and transparent operation. They can be used to store signatures and other information about suspected malware files.
Industrial IoT environments could utilize blockchain operations to detect malware efficiently. A block is created containing information on the different malicious programs, in this case the malware, and is added to the blockchain. When a user within the network downloads a particular file, heuristic or behavior-based malware detection is executed first (Wazid et al., 2019).
To detect the malware, a single node is created following a constellation protocol that depends on a quorum, with a deep belief network (DBN) as the detection engine. The approach detects malware embedded within the network by assigning files to affirmative or negative classes through the DBN. The DBN is trained on an extensive data set containing both positive and negative samples; this data set is then made available to each node as transactions. Quorum is the blockchain architecture that ensures no single corrupt node can compromise the network.
All nodes contain unique but similar detection engines, each producing its own probability. If the calculated probability surpasses the minimum threshold, the file is not malicious and the respective node accepts it; otherwise the file is declined. The network is hence protected from compromise by malware introduced by intruders within the network, and any existing malware attacks on the systems are also detected (Rayamajhi, 2019).
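The quorum mechanism described above, as an added example that is not code from Wazid et al., Rayamajhi, or any blockchain project. Malware signatures are recorded in hash-linked blocks, every node runs its own engine that returns a probability that a file is benign, and the network accepts the file only when a quorum of nodes accepts it. The per-node engines are signature-lookup stand-ins for the DBN detectors, the quorum is a plain majority, and all file samples are constructed.

```python
"""Quorum-based acceptance of a downloaded file across detection nodes.
Added example: signature blocks are hash-linked, each node has its own
detection engine (here a signature lookup standing in for a DBN), and the
network accepts a file only if at least `quorum` nodes accept it."""
import hashlib
import json
from dataclasses import dataclass
from typing import Callable, Dict, List


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def make_block(prev_hash: str, signatures: List[str]) -> Dict:
    """A block records malware signatures and the hash of its predecessor."""
    block = {"prev_hash": prev_hash, "signatures": sorted(signatures)}
    block["hash"] = sha256_hex(json.dumps(block, sort_keys=True).encode())
    return block


def chain_valid(chain: List[Dict]) -> bool:
    """Recompute every block hash and check the prev_hash links, so a node
    that silently edits a block's signature list is detected."""
    for i, block in enumerate(chain):
        body = {k: v for k, v in block.items() if k != "hash"}
        if sha256_hex(json.dumps(body, sort_keys=True).encode()) != block["hash"]:
            return False
        if i > 0 and block["prev_hash"] != chain[i - 1]["hash"]:
            return False
    return True


def known_signatures(chain: List[Dict]) -> set:
    sigs = set()
    for block in chain:
        sigs.update(block["signatures"])
    return sigs


@dataclass
class Node:
    name: str
    engine: Callable[[bytes], float]  # probability that the file is benign
    threshold: float = 0.5

    def accepts(self, blob: bytes) -> bool:
        # As in the text: probability above the threshold -> not malicious.
        return self.engine(blob) > self.threshold


def quorum_decision(nodes: List[Node], blob: bytes, quorum: int) -> Dict:
    """Accept only when at least `quorum` nodes accept. With a majority quorum
    (n // 2 + 1) a single corrupt node can neither force acceptance of a file
    the honest nodes reject nor veto a file they accept."""
    votes = {n.name: n.accepts(blob) for n in nodes}
    return {"accepted": sum(votes.values()) >= quorum, "votes": votes}


def build_network(chain: List[Dict], honest_nodes: int = 4, corrupt_nodes: int = 1) -> List[Node]:
    sigs = known_signatures(chain)

    def honest(blob: bytes) -> float:
        return 0.05 if sha256_hex(blob) in sigs else 0.95

    def corrupt(blob: bytes) -> float:
        return 0.99  # compromised engine that vouches for everything

    nodes = [Node(f"honest-{i}", honest) for i in range(honest_nodes)]
    nodes += [Node(f"corrupt-{i}", corrupt) for i in range(corrupt_nodes)]
    return nodes


def demo() -> Dict:
    malware = b"constructed-malicious-sample"   # constructed, not a real sample
    benign = b"constructed-benign-sample"
    genesis = make_block("0" * 64, [sha256_hex(malware)])
    chain = [genesis]
    nodes = build_network(chain)
    quorum = len(nodes) // 2 + 1  # 3 of 5
    tampered = [dict(genesis, signatures=[])]  # a node drops the signature
    return {
        "chain_valid": chain_valid(chain),
        "tamper_detected": not chain_valid(tampered),
        "malware_accepted": quorum_decision(nodes, malware, quorum)["accepted"],
        "benign_accepted": quorum_decision(nodes, benign, quorum)["accepted"],
    }


if __name__ == "__main__":
    print(demo())
```

The two properties the text attributes to the design are visible separately: the hash links make tampering with the recorded signatures detectable, and the majority quorum means the single corrupt node's high "benign" probability for the known-malicious file does not change the network's decision.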
Hardware-assisted Runtime Malware Detection Technique (HaRM)
This process consists of two steps: feature collection and selection, done offline, and runtime malware detection, done online. The first step entails selecting critical features from the hardware performance counters (HPCs) (Dinakarrao et al., 2019). These are then ranked by importance and relevance using a feature scoring process.
After the critical features have been selected, they are used to train the malware classifiers within the HaRM malware detectors. The classifiers' effectiveness is determined by comparing their accuracy, hardware overhead, power consumption, and the time needed to detect malware (latency). For this technique, the "OneR" ML classifier has demonstrated its efficiency: it allows malware detection on individual nodes without requiring knowledge of the network topology, and it has low latency and low resource consumption.
This method effectively identifies compromised nodes within Industrial IoT networks, thus securing them from malware epidemics. HaRM is implemented in the IoT nodes and detects malware without incurring processing overhead, facilitating runtime malware detection (Dinakarrao et al., 2019).
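The two-stage pipeline described in this section, as an added example (not the HaRM authors' code): offline, the HPC features are scored and ranked; then a OneR classifier is trained on the best-ranked ones. OneR picks the single feature whose one-rule table (value bin to majority class) gives the lowest training error, which is why a runtime check costs one counter read and one table lookup. The HPC readings, the Fisher score used for ranking, and the equal-width binning are all assumptions of this example.

```python
"""HaRM-style pipeline, added example: rank hardware performance counter (HPC)
features offline, train a OneR classifier on the top-ranked ones, then detect
at runtime with a single bin lookup. HPC readings are constructed."""
from collections import Counter, defaultdict
from statistics import mean, pvariance

# Constructed per-sample HPC readings (counts per fixed interval) and labels.
HPC_SAMPLES = {
    "cache_misses":  [120, 130, 110, 125, 400, 380, 420, 390],
    "branch_misses": [50, 60, 55, 52, 58, 62, 48, 70],
    "instructions":  [1000, 1100, 950, 1050, 1020, 990, 1080, 1010],
}
LABELS = [False, False, False, False, True, True, True, True]  # True = malware


def fisher_score(values, labels):
    """Between-class separation over within-class spread: a high score means
    the counter separates malware from benign samples well."""
    pos = [v for v, l in zip(values, labels) if l]
    neg = [v for v, l in zip(values, labels) if not l]
    return (mean(pos) - mean(neg)) ** 2 / (pvariance(pos) + pvariance(neg) + 1e-12)


def rank_features(samples, labels):
    """Offline step: rank HPC features by score, best first."""
    scores = {f: fisher_score(v, labels) for f, v in samples.items()}
    return sorted(scores, key=scores.get, reverse=True)


def _bin_index(value, lo, width, nbins):
    idx = int((value - lo) / width) if width > 0 else 0
    return min(max(idx, 0), nbins - 1)


def _majority(labels):
    # Ties resolve to True so an ambiguous bin is flagged rather than trusted.
    counts = Counter(labels)
    return max(counts, key=lambda lab: (counts[lab], lab))


def one_r(samples, labels, features, nbins=4):
    """Train OneR: for each candidate feature, discretize into equal-width
    bins, map each bin to its majority class, and keep the feature with the
    fewest training errors. Returns the rule as a dict."""
    best = None
    default = _majority(labels)  # prediction for a bin never seen in training
    for f in features:
        vals = samples[f]
        lo, hi = min(vals), max(vals)
        width = (hi - lo) / nbins
        buckets = defaultdict(list)
        for v, l in zip(vals, labels):
            buckets[_bin_index(v, lo, width, nbins)].append(l)
        table = {b: _majority(ls) for b, ls in buckets.items()}
        errors = sum(table[_bin_index(v, lo, width, nbins)] != l
                     for v, l in zip(vals, labels))
        if best is None or errors < best["errors"]:
            best = {"feature": f, "lo": lo, "width": width, "nbins": nbins,
                    "table": table, "default": default, "errors": errors}
    return best


def predict(rule, sample):
    """Online step: one counter read, one bin lookup."""
    b = _bin_index(sample[rule["feature"]], rule["lo"], rule["width"], rule["nbins"])
    return rule["table"].get(b, rule["default"])


def demo():
    ranked = rank_features(HPC_SAMPLES, LABELS)
    rule = one_r(HPC_SAMPLES, LABELS, ranked[:2])
    flagged = predict(rule, {"cache_misses": 395, "branch_misses": 55, "instructions": 1000})
    return ranked, rule["feature"], flagged


if __name__ == "__main__":
    print(demo())
```

The `instructions` counter has identical class means in the constructed data and scores zero, so it is never offered to the classifier; `cache_misses` separates the classes perfectly and becomes the one rule. On a real node the ranking step is where the hardware budget is spent, since only the selected counters need to be read at runtime.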
NetGuard Endpoint Security
This entails an end-to-end, consumer-facing, network-based malware detection solution that can both notify and remedy the situation. The system identifies infected end-point devices and immediately notifies the user or blocks the malware, hence protecting them from any security breach.
Its primary components are network-based malware sensors, deployed at key locations within the carrier networks. They monitor traffic for malware activity without impacting network performance. The second component is an alert reporting cluster, primarily virtual machines running within the carrier's data center, which aggregates the malware events received from the sensors.
The third component is an analytics portal that provides the main user interface for the security operations team. It offers a dashboard summary of malware activity together with the capacity to drill down to individual malware events. Finally, a subscriber portal provides self-serve remediation, through which customers or enterprise consumers can eliminate malware on their devices. Ultimately, the solution becomes an integral part of a malware notification and remediation service and provides online scan-and-clean services.
Control Flow Graphs (CFGs)
This approach is utilized to extract characteristic static features from applications (Alasmary et al., 2019). Graph-related features are then used as a representation of whether the software is malicious, and classification techniques are built on them to differentiate malicious from benign software.
To detect malware within the IoT, various features are extracted from the graphs of both benign IoT software and malware. This process requires an adequate number of deep features extracted from the convolutional layers to ensure that they can all be interpreted.
Notably, this method is highly accurate, but its features are prone to obfuscation. For instance, obfuscation at the function level of IoT malware can increase the number of components, reduce the control flows, and decrease the complexity, which may affect the accuracy of the detection system (Alasmary et al., 2019).
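The graph features at the heart of this approach, and the feature shift the obfuscation paragraph describes, as an added example (not code from Alasmary et al.). A CFG is represented as an adjacency dict from basic block to successor blocks; the extractor computes node and edge counts, weakly connected components, McCabe cyclomatic complexity, density, and average out-degree. The two graphs are constructed: the second is the same function after indirect jumps hide three edges from static disassembly, which splits off a component, lowers the edge count and lowers the complexity.

```python
"""CFG feature extraction for graph-based static detection. Added example:
the graphs are constructed to show how a function-level obfuscation that hides
control-flow edges from a static view shifts the extracted features."""
from collections import deque


def _undirected(cfg):
    """Undirected adjacency over all blocks, including successor-only ones."""
    adj = {n: set() for n in cfg}
    for src, dsts in cfg.items():
        for d in dsts:
            adj.setdefault(d, set())
            adj[src].add(d)
            adj[d].add(src)
    return adj


def connected_components(cfg):
    """Count weakly connected components by BFS over the undirected graph."""
    adj = _undirected(cfg)
    seen, count = set(), 0
    for start in adj:
        if start in seen:
            continue
        count += 1
        queue = deque([start])
        seen.add(start)
        while queue:
            node = queue.popleft()
            for nb in adj[node]:
                if nb not in seen:
                    seen.add(nb)
                    queue.append(nb)
    return count


def extract_features(cfg):
    """Structural features commonly used to characterize a CFG."""
    nodes = set(cfg) | {d for dsts in cfg.values() for d in dsts}
    n = len(nodes)
    e = sum(len(dsts) for dsts in cfg.values())
    p = connected_components(cfg)
    return {
        "nodes": n,
        "edges": e,
        "components": p,
        "cyclomatic": e - n + 2 * p,                 # McCabe complexity
        "density": e / (n * (n - 1)) if n > 1 else 0.0,
        "avg_out_degree": e / n if n else 0.0,
    }


# Constructed CFG of one function: a branch at b (-> c or d) that rejoins at e,
# and a loop back edge e -> b.
ORIGINAL_CFG = {
    "a": ["b"], "b": ["c", "d"], "c": ["e"], "d": ["e"], "e": ["b", "f"], "f": [],
}

# Constructed obfuscated variant: edges b -> d, d -> e and e -> b are replaced
# by indirect jumps that static disassembly cannot resolve, so they vanish
# from the graph and block d is left as its own component.
OBFUSCATED_CFG = {
    "a": ["b"], "b": ["c"], "c": ["e"], "d": [], "e": ["f"], "f": [],
}


def feature_shift(before, after):
    """Per-feature change introduced by the obfuscation (after minus before)."""
    fb, fa = extract_features(before), extract_features(after)
    return {k: fa[k] - fb[k] for k in fb}


if __name__ == "__main__":
    print(extract_features(ORIGINAL_CFG))
    print(feature_shift(ORIGINAL_CFG, OBFUSCATED_CFG))
```

A classifier trained on the original graphs sees the obfuscated sample drift toward the sparser, lower-complexity region that benign utility code tends to occupy, which is the accuracy risk the paragraph above raises.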

References
Alasmary, H., Khormali, A., Anwar, A., Park, J., Choi, J., Abusnaina, A., … & Mohaisen, A. (2019). Analyzing and detecting emerging Internet of things malware: A graph-based approach. IEEE Internet of Things Journal, 6(5), 8977-8988.
Azmoodeh, A., Dehghantanha, A., Conti, M., & Choo, K. K. R. (2018). Detecting crypto-ransomware in IoT networks based on energy consumption footprint. Journal of Ambient Intelligence and Humanized Computing, 9(4), 1141-1152.
Dinakarrao, S. M. P., Sayadi, H., Makrani, H. M., Nowzari, C., Rafatirad, S., & Homayoun, H. (2019, March). Lightweight node-level malware detection and network-level malware confinement in IoT networks. In 2019 Design, Automation & Test in Europe Conference & Exhibition (DATE) (pp. 776-781). IEEE.
European Union Agency For Network and Information Security. (2018). Good Practices for Security of the Internet of Things in the Context of Smart Manufacturing.
Ngo, Q. D., Nguyen, H. T., Nguyen, L. C., & Nguyen, D. H. (2020). A survey of IoT malware and detection methods based on static features. ICT Express.
Phu, T. N., Dang, K. H., Quoc, D. N., Dai, N. T., & Binh, N. N. (2019). A Novel Framework to Classify Malware in MIPS Architecture-Based IoT Devices. Security and Communication Networks, 2019.
Rayamajhi, P. (2019, March 16). Malware detection using blockchain technology. Retrieved from https://medium.com/@parishilanrayamajhi/malware-detection-using-blockchain-technology-bca2a67f5dd
Sharmeen, S., Huda, S., Abawajy, J. H., Ismail, W. N., & Hassan, M. M. (2018). Malware threats and detection for industrial mobile-IoT networks. IEEE Access, 6, 15941-15957.
Waheed, N., He, X., & Usman, M. (2020). Security & Privacy in IoT Using Machine Learning & Blockchain: Threats & Countermeasures. arXiv preprint arXiv:2002.03488.
Wazid, M., Das, A. K., Rodrigues, J. J., Shetty, S., & Park, Y. (2019). IoMT malware detection approaches: Analysis and research challenges. IEEE Access, 7, 182459-182476.