A hybrid approach for malware detection in SDN‐enabled IoT scenarios

Abstract

Malware presents a significant threat to computer systems security, especially in ARM and MIPS architectures, driven by the rise of the internet of things (IoT). This paper introduces Heimdall, a hybrid approach that integrates YARA signatures and machine learning in programmable switches for efficient malware detection in SDN‐enabled IoT environments. The machine learning classifier achieved an accuracy of 99.33% against the IoT‐23 dataset. When evaluated in an emulated environment with real malware samples, Heimdall exhibits a 98.44% detection rate and an average processing time of 0.0217 s.