Iotprotect: Highly deployable whitelist-based protection for low-cost internet-of-things devices

Abstract

In recent years, many Internet-of-Things (IoT) devices, such as home routers and Internet Protocol (IP) cameras, have been compromised through infection by malware as a consequence of weak authentication and other vulnerabilities. Malware infection can lead to functional disorders and/or misuse of these devices in cyberattacks of various kinds. However, unlike personal computers (PCs), low-cost IoT devices lack rich computational resources, with the result that conventional protection mechanisms, such as signature-based anti-virus software, cannot be used. In this study, we present IoTProtect, a light-weight, whitelist-based protection mechanism that can be deployed easily on existing commercial products with very little modification of their firmware. IoTProtect uses a whitelist to check processes running on IoT devices and terminate unknown processes periodically. Our experiments using four low-cost IoT devices and 4,981 in-the-wild malware binaries show that IoTProtect successfully terminated 99.92% of the processes created by the binaries within 44 seconds after their infection with central processing unit (CPU) overhead of 24% and disk space overhead of 288 KB.