Collaborative Research: SaTC: CORE: Small: U.S.-Ireland R&D Partnership: Detecting Heterogeneous Malware for Internet-of-Things Systems

Information

  • NSF Award
  • 2422242
Owner
  • Award Id
    2422242
  • Award Effective Date
    10/1/2024 - 20 days ago
  • Award Expiration Date
    9/30/2027 - 2 years from now
  • Award Amount
    $ 151,946.00
  • Award Instrument
    Continuing Grant

The Internet of Things (IoT), encompassing devices such as medical equipment, autonomous vehicles, and industrial control units, is becoming integral to modern life and is expected to reach one trillion devices by 2035. Unfortunately, malware attacks on IoT systems are increasing rapidly, exemplified by incidents like the Mirai botnet and the Colonial pipeline attack. While significant research has explored malware detection for PCs and mobile devices, these methods are not suitable for IoT systems due to their diverse operating systems and low power. Current models also struggle against sophisticated attacks that aim to evade detection. To address these challenges, the project team is developing DANGER-IoT, an approach to IoT malware detection that works across heterogeneous platforms, is efficient for low-power devices, and robust against advanced attacks. The researchers are collaborating with industry experts to ensure the project's ideas work well in real-world settings and are creating open-source tools and datasets. Spread across four universities and three countries, this project is also impacting a diverse group of students through new courses, security competitions, and international exchanges.

The DANGER-IoT project focuses on developing advanced machine-learning models for IoT malware detection. The first goal is to create a generic model that can detect malware across heterogeneous IoT platforms by constructing a common embedding space for similar functions across different operating systems and architectures. The project's second aim is to ensure efficiency for low-power devices by applying model compression techniques adapted from explainable AI and model pruning. To enhance robustness, the project will explore large-language models for code-style transfer, making malware appear benign to existing classifiers, and using the results to design a novel moving-target defense. By integrating multi-task learning, behavior classification, and a comprehensive IoT malware dataset, DANGER-IoT aims to provide a scalable detection approach, robust defenses, and significant contributions to the community through shared data, benchmarks, and tools.

This award reflects NSF's statutory mission and has been deemed worthy of support through evaluation using the Foundation's intellectual merit and broader impacts review criteria.

  • Program Officer
    Nan Zhang, nanzhang@nsf.gov, 7032920000
  • Min Amd Letter Date
    6/7/2024 - 4 months ago
  • Max Amd Letter Date
    6/7/2024 - 4 months ago
  • ARRA Amount

Institutions

  • Name
    SUNY at Buffalo
  • City
    AMHERST
  • State
    NY
  • Country
    United States
  • Address
    520 LEE ENTRANCE STE 211
  • Postal Code
    142282577
  • Phone Number
    7166452634

Investigators

  • First Name
    Ziming
  • Last Name
    Zhao
  • Email Address
    z.zhao@northeastern.edu
  • Start Date
    6/7/2024 12:00:00 AM

Program Element

  • Text
    Secure & Trustworthy Cyberspace
  • Code
    806000

Program Reference

  • Text
    International Partnerships
  • Text
    SaTC: Secure and Trustworthy Cyberspace
  • Text
    SMALL PROJECT
  • Code
    7923