Jun 28, 2023 | 2:00pm
online

Efficient Detection of Malware on Embedded IoT Devices


Watch the lecture here!

Embedded devices connected to the Internet are threatened by malware, but no anti-virus product is available for them. To address this problem, we developed SIMBIoTA and SIMBIoTA-ML, which are lightweight anti-virus solutions designed for resource-constrained IoT devices, with surprisingly good malware detection performance. Both SIMBIoTA and SIMBIoTA-ML rely on binary similarity for malware detection and use the TLSH locality-sensitive hash function to compute similarity metrics. SIMBIoTA directly measures the similarity of a scanned binary to previously seen malware samples, while SIMBIoTA-ML uses the TLSH values of known malware and benign samples as feature vectors to train a machine learning-based detector. We showed via measurements on a large dataset of real IoT malware and benign files that SIMBIoTA-ML consistently achieves a higher true positive detection rate than SIMBIoTA does, while, at the same time, it also has a higher, but still acceptable, false positive detection rate. In terms of storage requirements, SIMBIoTA is extremely efficient, while SIMBIoTA-ML uses more storage, but it can still be hosted by mid-range and high-end embedded devices with megabytes of memory. Finally, we also showed that the run-time delay SIMBIoTA introduces into the operation of an embedded IoT device is not constant, making it hard to design for. In contrast, SIMBIoTA-ML introduces a near-constant, although somewhat increased, delay into the operation of the embedded IoT device, which is advantageous when the device has to satisfy real-time constraints.

Bio: Levente Buttyán received the Ph.D. degree from the Swiss Federal Institute of Technology - Lausanne (EPFL) in 2002. In 2003, he joined the Department of Networked Systems and Services at BME, where he currently holds a position as a full Professor and leads the Laboratory of Cryptography and Systems Security (CrySyS Lab). He received habilitation at BME in 2013 and the title of Doctor of Science from the Hungarian Academy of Sciences in 2021. He has done research on the design and analysis of secure protocols and privacy-enhancing mechanisms for wireless networked embedded systems (including wireless sensor networks, mesh networks, vehicular communications, and RFID systems). A few years ago, he was involved in the analysis of some high-profile targeted malware, such as Duqu, Flame, MiniDuke, and TeamSpy. Currently, his research interest is in security of cyber-physical systems (including industrial automation and control systems, modern vehicles, cooperative intelligent transport systems, and the Internet of Things in general). He is also the co-founder of multiple successful IT security start-ups, including Tresorit, Avatao, and Ukatemi Technologies.
 

© 2020-2021 Artificial Intelligence National Laboratory, Budapest