IoTProtect: Highly Deployable Whitelist-based Protection for Low-cost Internet-of-Things Devices

Access this Article

Author(s)

    • Fujita Akira
    • Graduate School of Environment and Information Sciences, Yokohama National University|Institute of Advanced Sciences, Yokohama National University
    • Yoshioka Katsunari
    • Graduate School of Environment and Information Sciences, Yokohama National University|Institute of Advanced Sciences, Yokohama National University
    • Matsumoto Tsutomu
    • Graduate School of Environment and Information Sciences, Yokohama National University|Institute of Advanced Sciences, Yokohama National University

Abstract

<p>In recent years, many Internet-of-Things (IoT) devices, such as home routers and Internet Protocol (IP) cameras, have been compromised through infection by malware as a consequence of weak authentication and other vulnerabilities. Malware infection can lead to functional disorders and/or misuse of these devices in cyberattacks of various kinds. However, unlike personal computers (PCs), low-cost IoT devices lack rich computational resources, with the result that conventional protection mechanisms, such as signature-based anti-virus software, cannot be used. In this study, we present IoTProtect, a light-weight, whitelist-based protection mechanism that can be deployed easily on existing commercial products with very little modification of their firmware. IoTProtect uses a whitelist to check processes running on IoT devices and terminate unknown processes periodically. Our experiments using four low-cost IoT devices and 4, 981 in-the-wild malware binaries show that IoTProtect successfully terminated 99.92% of the processes created by the binaries within 44 seconds after their infection with central processing unit (CPU) overhead of 24% and disk space overhead of 288KB.</p>

Journal

  • Journal of Information Processing

    Journal of Information Processing 26(0), 662-672, 2018

    Information Processing Society of Japan

Codes

Page Top