A Network Function Virtualization System for Detecting Malware in Large IoT Based Networks

Bibliographic details
Published in: IEEE journal on selected areas in communications 2020-06, Vol.38 (6), p.1218-1228
Main authors: Guizani, Nadra; Ghafoor, Arif
Format: Article
Language: eng
Description
Summary: The exponential growth in the use of Internet of Things (IoT) devices has introduced numerous challenges, in particular dealing with new security threats. In addition, for connecting heterogeneous devices using different protocols, large networks need resilient software-based security systems that can defend against unprecedented attacks for which the traditional security countermeasures prove to be ineffective. Furthermore, to deal with the ever growing onslaught on data and networks, modern security systems need to utilize novel machine learning mechanisms. This paper proposes a software-based architecture that provides network function virtualization (NFV) capability to combat malware spread for heterogeneous IoT networks. To build a scalable and generalized Intrusion Detection System (IDS), we propose for these networks a RNN-LSTM learning model that can predict malware attacks in a timely manner for the NFV to deploy appropriate countermeasures. In addition, we investigate the scalability of the network and discuss how the generalized IDS can deal with a broad range of malwares that can be detected. The analysis utilizes the susceptible (S), exposed (E), infected (I), and resistant (R) (SEIR) epidemic model to monitor the spread of the malware attack and subsequently provides patching to the system. Our analysis focuses primarily on the feasibility and the performance evaluation of the proposed integrated RNN-LSTM and NFV architecture.
ISSN:0733-8716
1558-0008
DOI:10.1109/JSAC.2020.2986618