Date of Award

Summer 2024

Document Type

Dissertation

Degree Name

Doctor of Philosophy (PhD)

Department

Computer Science

Program/Concentration

Computer Science

Committee Director

Danella Zhao

Committee Director

Ravi Mukkamala

Committee Member

Stephan Olariu

Committee Member

Chunsheng Xin

Abstract

Cyberattacks on IoT devices are accelerating at an unprecedented rate, largely driven by IoT malware activities. IoT malware attacks typically comprise three stages: intrusion, infection, and monetization. Existing IoT malware detection methods fail to identify malicious activities at the intrusion and infection stages and thus cannot stop potential attacks in time. In our research, we have leveraged power side-channel information as input to our deep learning model to identify malware at early stages of intrusion on IoT devices. But deploying a resource-intensive deep learning model on highly resource-constrained IoT devices is a significant challenge. Consequently, utilizing a Machine Learning as a Service (MLaaS) engine to offload computation tasks to edge servers in the cloud becomes an attractive solution. However, edge computing introduces significant privacy concerns since client data from IoT devices is sensitive, and the model parameters at the edge server are regarded as proprietary information. Therefore, we propose three privacy-preserved deep learning frameworks to monitor side-channel power consumption in real time and identify its correlation to various malware infection activities without leaking client or server information. Our first framework, DeepShield, is a secure inference-based IoT malware detection system characterized by a novel hybrid cryptographic protocol. This protocol offloads most computation to the edge and enables secret-sharing collaboration between the client and edge server. It takes the most expensive computation of homomorphic operations offline, lightening online secure interaction. However, its detection strategy must catch up with the rapid pace of malware evolution. Hence, we introduce our second framework, BoTShield, a novel privacy-preserved online training method capable of detecting malware variants. We use a combination of homomorphic encryption, secret sharing, and differential privacy to preserve the privacy of BoTShield. Though BoTShield represents an advancement over DeepShield, it isn’t fully equipped to detect zero-day malware attacks. Thus, we introduce MalwareShield, a privacy-preserved federated learning framework based on a novel differential privacy approach equipped with an encoder-based unsupervised model to detect zero-day malware attacks. Moreover, MalwareShield reduces the amount of data communication between the client and the server. Our empirical experiments demonstrate that these frameworks enable secure, accurate, real-time, and scalable malware detection.

Rights

In Copyright. URI: http://rightsstatements.org/vocab/InC/1.0/ This Item is protected by copyright and/or related rights. You are free to use this Item in any way that is permitted by the copyright and related rights legislation that applies to your use. For other uses you need to obtain permission from the rights-holder(s).

DOI

10.25777/vpxr-9x83

ISBN

9798384444527
