
Similarity-based malware detection on home routers with network traffic analysis

2023-2024/I.
Dr. Buttyán Levente

Routers deployed in homes by Internet Service Providers can play an important role in defending the computers behind the router from attacks originating from the Internet. For instance, such home routers often perform firewall functions. In this project, the goal is to study whether and how they can be used to detect malicious files that are being transferred in the network traffic. This can happen, for instance, when a user behind the router visits a malicious web site and accidentally downloads malware from it. A specific requirement in this context is that the malware detection mechanism must be lightweight and fast, so that it respects the resource constraints of the router and does not introduce noticeable delays. A potential solution is SIMBIoTA, a lightweight mechanism designed in the CrySyS Lab of BME to detect malware on IoT devices.

The task of the student is:

  • to study and to understand SIMBIoTA and to propose an approach to adopt it for detecting malicious binaries in the network traffic;
  • to perform measurements for determining the maximum number of bytes that need to be taken from a binary in order to reliably detect whether it is malware using SIMBIoTA;
  • to design the architecture of the malware detection system running on the router, assuming that the router has some Linux-like OS;
  • to implement a proof-of-concept prototype of the malware detection system on a router platform (e.g., OpenWRT);
  • to demonstrate the operation of the prototype; 
  • to evaluate the solution and to propose possible performance improvements.
