Boldizsár Bencsáth

Can we build an IoT malware-scanner for limited resources environments?

There are multi-billions of IoT devices floating around homes and businesses, and the number grows constantly. Malware problems are not something that can be avoided for these devices. However, anti-virus techniques, especially standalone ones (not cloud based) are basically unavailable for these, e.g. for routers, cameras, Linux-based Raspberry PI devices. A user typically installs a device and does not intend to maintain it, and generally have no way to find out if the device behaves in a malicious way.

Together, CrySyS Lab and Ukatemi planned and developed a possible standalone solution against these threats that cannot be handled by traditional antivirus products due to resource limits. Our SIMBIoTA project aims to take advantage of extreme compression: it does not need to store sequences of millions of different binary files, but to accumulate detection based on similarity hashes, and only store minimal basis for the detection. I will show the main benefits of the approach of SIMBIoTA, and also will show how different ways of evasion efforts can be handled and same latest information of the actual implementation.

In addition to the details of the technical methods, I’ll try to elaborate on the possible attacks on the method and also show new advancements to mitigate this problem.

Dr. Boldizsár Bencsáth is a member of the Laboratory of Cryptography and Systems Security (CrySyS) lab at Budapest University. His research interests are in network security, including DoS attacks, spam, malware, botnets, and cyber-physical system security. Boldizsár led the team in the CrySyS lab that investigated the Duqu malware and later worked on a number of other well known APT attacks and currently works on actual questions of malware based attacks, cyber-physical system security (including cars, factories and nuclear power plants). Among other things, Boldizsár also works in multiple start-up companies of the lab and participates in a number of consulting projects in the field of ethical hacking, security design and forensics.