Behavioral malware detection on edge routers to secure IoT ecosystems
Dissertation   Open access

John M. Carter
Doctor of Philosophy (Ph.D.), Drexel University
May 2026
DOI: https://doi.org/10.17918/00011364

Abstract

Behavioral malware detection resides at the intersection of machine learning and cybersecurity, two of the most prominent topics in computer science today. It leverages representative device data and trained machine learning models either to classify malware or to find anomalies relative to a benign profile. Both approaches are explored in this research. One important application of behavioral malware detection is securing network ecosystems consisting of a router and several edge devices connected to the router. This research focuses specifically on securing the router, which serves as the gateway to the network ecosystem and is therefore a critical component. The following chapters discuss the three key stages of behavioral malware detection: data collection, data processing, and model training/inference. We begin with simpler experimental setups, such as malware classification using readily available system monitoring tools, and then progress to the more difficult task of anomaly detection using custom-designed system monitoring solutions. The results demonstrate that the network router can be protected from a variety of common malware families, achieving a high true positive rate (TPR) and a low false positive rate (FPR). Maintaining a low false positive rate is essential for a real deployment, as excessive false alarms would render the system impractical. The model pipeline is trained using multiple forms of contrastive learning, progressing from simple contrastive learning to contrastive augmented learning, in which perturbations are used to enhance the training process and produce a better model. Finally, we evaluate the practical applicability of the research by showing how this work can be deployed to a production-like environment by streaming the data live through the anomaly detection model in real time and flagging anomalies. In this setting, many of the malware samples are detected in well under a second from the start of malware execution on the router, highlighting the potential of the approach for real-time malware detection.
