CloudEyes: Cloud‐based malware detection with reversible sketch for resource‐constrained internet of things (IoT) devices

Summary Because of the rapid increasing of malware attacks on the Internet of Things in recent years, it is critical for resource‐constrained devices to guard against potential risks. The traditional host‐based security solution becomes puffy and inapplicable with the development of malware attacks. Moreover, it is hard for the cloud‐based security solution to achieve both the high performance detection and the data privacy protection simultaneously. This paper proposes a cloud‐based anti‐malware system, called CloudEyes, which provides efficient and trusted security services for resource‐constrained devices. For the cloud server, CloudEyes presents suspicious bucket cross‐filtering, a novel signature detection mechanism based on the reversible sketch structure, which provides retrospective and accurate orientations of malicious signature fragments. For the client, CloudEyes implements a lightweight scanning agent which utilizes the digest of signature fragments to dramatically reduce the range of accurate matching. Furthermore, by transmitting sketch coordinates and the modular hashing, CloudEyes guarantees both the data privacy and low‐cost communications. Finally, we evaluate the performance of CloudEyes by utilizing both the campus suspicious traffic and normal files. The results demonstrate that the mechanisms in CloudEyes are effective and practical, and our system can outperform other existing systems with less time and communication consumption. Copyright © 2016 John Wiley & Sons, Ltd.