Artificial Immune Systems for Detecting Unknown Malware in the IoT

Queen Mary University of London
With the expansion of the digital world, the number of Internet of Things (IoT) devices is growing dramatically. IoT devices have limited computational power and small memory. Also, they are not part of traditional computer networks. Consequently, existing and often complex security methods are unsuitable for malware detection in IoT networks. This has become a significant concern with the advent of increasingly unpredictable and innovative cyber-attacks. In this context, artificial immune systems (AIS) have emerged as effective IoT malware detection mechanisms with low computational requirements. In this research, we present a critical analysis to highlight the limitations of state-of-the-art AIS solutions and identify promising research directions. Next, we propose the Negative-Positive-Selection (NPS) method, an AIS-based method for malware detection. The NPS is suited to the IoT's computational restrictions and security challenges. The NPS performance is benchmarked against the state of the art using multiple real-time datasets. The simulation results show a 21% improvement in malware detection and a 65% reduction in the number of detectors. Then, we examine the potential gains and limitations of AIS solutions under realistic implementation scenarios. We design a framework to mimic real-life IoT systems. The objective is to evaluate how lightweight the method is, its fault tolerance, and its detection performance with regard to the system constraints. We demonstrate that AIS solutions successfully detect unknown malware in the most challenging IoT environment in terms of memory capacity and processing power. Furthermore, the systemic results with different system architectures reveal the ability of AIS solutions to transfer learning between IoT devices. Transfer learning is a critical feature in the presence of highly constrained devices in the network. More importantly, we highlight that the simulation environment cannot be taken at face value. In reality, AIS malware detection accuracy for IoT systems is likely to be close to 10% worse than simulation results, as indicated by the study results.
Cyber Security, Network Security, IoT, AWS, AI, ML, AIS
Alrubayyi, H. "Artificial Immune Systems for Detecting Unknown Malware in the IoT." (2023).