CR · LG · Oct 14, 2022

A Lightweight Moving Target Defense Framework for Multi-purpose Malware Affecting IoT Devices

arXiv:2210.07719v1 · 8 citations · h-index: 37
Originality: Incremental advance
AI Analysis

This work addresses the problem of multi-purpose malware for IoT devices. It is an incremental improvement because it adapts existing MTD concepts to a specific domain.

The paper tackles the challenge of protecting IoT devices from multi-purpose malware by proposing a lightweight moving target defense (MTD) framework with four mechanisms that alter network, data, and runtime environments, and it demonstrates effectiveness in a real-world evaluation with an IoT spectrum sensor.

Malware affecting Internet of Things (IoT) devices is rapidly growing due to the relevance of this paradigm in real-world scenarios. Specialized literature has also detected a trend towards multi-purpose malware able to execute different malicious actions such as remote control, data leakage, encryption, or code hiding, among others. Protecting IoT devices against this kind of malware is challenging due to their well-known vulnerabilities and limitations in terms of CPU, memory, and storage. To improve it, the moving target defense (MTD) paradigm was proposed a decade ago and has shown promising results, but there is a lack of IoT MTD solutions dealing with multi-purpose malware. Thus, this work proposes four MTD mechanisms changing IoT devices' network, data, and runtime environment to mitigate multi-purpose malware. Furthermore, it presents a lightweight and IoT-oriented MTD framework to decide what, when, and how the MTD mechanisms are deployed. Finally, the efficiency and effectiveness of the framework and MTD mechanisms are evaluated in a real-world scenario with one IoT spectrum sensor affected by multi-purpose malware.
