CR · LG · Aug 30, 2021

ML-based IoT Malware Detection Under Adversarial Settings: A Systematic Evaluation

arXiv:2108.13373v1
Originality: Synthesis-oriented
AI Analysis

The paper addresses the problem of unreliable malware detection for IoT security, but it is incremental, as it focuses on evaluating existing methods rather than proposing new ones.

The paper systematically evaluates state-of-the-art ML-based IoT malware detectors under adversarial settings, finding that functionality-preserving mutations like stripping and padding significantly deteriorate their accuracy, highlighting instability in distinguishing benign from malicious software.

The rapid growth of Internet of Things (IoT) devices is paralleled by them being on the front line of malicious attacks. This has led to an explosion in the number of IoT malware, with continued mutations, evolution, and sophistication. Such malicious software is detected using machine learning (ML) algorithms alongside the traditional signature-based methods. Although ML-based detectors improve the detection performance, they are susceptible to malware evolution and sophistication, making them limited to the patterns that they have been trained upon. This continuous trend motivates the large body of literature on malware analysis and detection research, with many systems emerging constantly and outperforming their predecessors. In this work, we systematically examine the state-of-the-art malware detection approaches that utilize various representation and learning techniques, under a range of adversarial settings. Our analyses highlight the instability of the proposed detectors in learning patterns that distinguish the benign from the malicious software. The results show that software mutations with functionality-preserving operations, such as stripping and padding, significantly deteriorate the accuracy of such detectors. Additionally, our analysis of the industry-standard malware detectors shows their instability to the malware mutations.
