Abstract
Internet-of-Things (IoT) devices have become critical assets to protect as they are increasingly adopted for emerging use cases. As such, these devices face a myriad of malware-based threats. Moving Target Defense (MTD) is a viable defense layer against malware in IoT because it does not rely on a low breach probability and instead aims to increase security in a dynamic way. Although evidence supports the usefulness of MTD for IoT, the current state of the art suffers from unrealistic deployments, including the problem of operating multiple MTD techniques. In particular, a commonly observed gap is how to determine and deploy one technique out of a set of locally available MTD techniques. This paper addresses this gap with a rule-based selection mechanism. To that end, it follows a risk-driven methodology to establish this selection agent with a well-defined architecture. The device's behavior, as expressed through its resource consumption, serves as the input and selection criterion. This architecture was implemented for a Raspberry Pi and evaluated against seven malware samples, given four existing MTD techniques. The resulting prototype highlights that a rule-based system can efficiently mitigate the malware samples.