Summer Research Fellowship Programme of India's Science Academies

IISR: A Secure Router for IoT Networks

Vibhor Tyagi

Third Year Undergraduate Student, Computer Science and Engineering Department, National Institute of Technology Agartala, Tripura

Guided by:

Prof. B. M. Mehtre

Research Guide, Center of Excellence in Cyber Security, Institute for Development and Research in Banking Technology, Castle Hills, Road No. 1, Masab Tank, Hyderabad-500 057


The Internet of Things (IoT) is a moderately new idea in the field of technology. The fundamental thought that lies behind IoT is to make things associated with the internet and make them ready to send, receive, and process data. These devices have a small computational power and memory storage. They are associated with cloud where care can be taken for these auxiliary services. The number of IoT devices is increasing multi-folds each year, and it is expected that there will be around 75 billion IoT devices by 2025. With expanding the prevalence of IoT devices, the vulnerabilities and security issues related to these devices are also increasing. The absence of security mechanisms and vulnerable protocols make IoT gadgets obvious targets for hackers, for instance, the "Mirai Botnet Attack" in 2016. There is a critical requirement for security of IoT frameworks. In this project, We propose a secure IoT Router, which is safe from many digital attacks. IISR protects the device network against malicious attacks by giving a one-step solution for securing IoT systems. IISR consists of a Raspberry Pi 3 Model B+, five IoT devices, and an attacker machine. The router has been tested by conducting ten attacks namely: Deauthentication, Fake-Authentication, MAC Spoofing, Denial of Service, Port Scanning, WiFi Cracking, ARP Poisoning, DNS Spoofing, Malware Injection, and Firmware Exploitation. Security mechanisms have been deployed for detection and mitigation of these attacks. They consist of Snort IDS rules, Arduino programming, Packet Sniffer, and configuration of connection methods. The test results show that IISR has detected seven out of ten attacks and it has been able to mitigate six out of the ten attacks performed.

Keywords: attacks, detection, Internet of Things, mitigation vulnerabilities.


ARP Address Resolution Protocol
BSSID Basic service sets ID
DNS Domain Name System
ESP Espressif Modules
FIN Used for meaning “Finish”
HTTP HyperText Transfer Protocol
IDRBT Institute for Development and Research in Banking Technology
IDS Intrusion Detection System
IISR IDRBT IoT Secure Router
IoT Internet of Things
MAC Media Access Control
OWASP Open Web Application Security Project
RAM Random Access Memory
SDN Software-Defined Networking
TCP Transmission Control Protocol
UDP User Datagram Protocol
WAP Wireless Access Point
WEP Wired Equivalent Privacy
WPA Wi-Fi Protected Access



Numerous specialists and researchers have attempted to explain the term "Things" with regards to IoT, yet even today the definition is hazy. The definition proposed by S. Haller, et al ,2008 goes like: “A world where physical objects are seamlessly integrated into the information network, and where the physical objects can become active participants in the business process.” This definition of IoT covers just the physical items, yet as we see today, the range of IoT has developed virtual things as well. Numerous other experts have given their explanations to make their definitions increasingly closer to IoT. In this project, "Thing" on IoT is any physical or virtual gadget which has the network to the web that can send, process, and receive the data and can interact with more intelligent models (including humans).

Statement of the Problems

Digital attacks have threatened the world of computers right from the very beginning, yet with the advent of IoT, the simplicity and volume of these attacks have expanded substantially. The essential purpose behind this is the non-existence of appropriate safety measures in IoT devices. The number of IoT devices is increasing multi-fold every year, as are the attacks on them .

The increasing number of IoT devices likewise prompts more vulnerabilities, and it ends up easier for an attacker to attack the IoT devices and another issue of security of data emerges. These gadgets are commonly running on obsolete security mechanisms, and appropriate protection from malicious attacks is absent. With IoT, this issue takes a gigantic shape as a large number of devices in the system involve small gadgets which don't have much processing power and storage limits. These deficiencies make them defenseless against attackers and consequently compromising the security of the entire Internet. Not only can these gadgets be hacked, however, but they can also likewise be vindictively used for large cyber attacks. These little devices can be hijacked, and a large network of bots can be made, and in this manner, it can prompt the breakdown of a noteworthy bit or entire of the internet. The Mirai Botnet Attack, on October 12, 2016, caused an enormous Distributed Denial of Service (DDoS) attack, which influenced access to the internet (​L. Xiao, et al, 2018​ ​M. U. Farooq, et al, 2015​).

Objectives of the Research

This project concerns IoT network architecture, which is generally deployed in smart homes. We have deployed this testbed at CCS Lab, IDRBT, Hyderabad, India. The IISR (IDRBT IoT Secure Router) is a Raspberry Pi device https : / / raspberry - valley. azurewebsites . net / RaspAP Wifi-Hotspot/ , and five IoT devices are connected to it. We study the behaviour of IISR and IoT devices under attacks, security flaws, and privacy protection issues. Due to the heterogeneity of IoT devices, security implementation is going to be highly variable. This motivated us to develop a low-cost solution for such IoT networks. We believe that IISR can be augmented with the existing security techniques to increase resistance to IoT attacks. Using IISR, the security of IoT devices can be strengthened, and a better environment for small scale IoT networks can be created.

Overall objective

The overall objective of this research is the development of a secure central authority (IISR), which can be deployed in small-scale IoT networks to ensure the security for the whole of the network   Aneesh Dua, et al ,2019 .


IISR is best suited for small scale IoT networks, and it can prevent a large number of entry-level attacks from happening. We have used a single Raspberry Pi as the router, but the number of Raspberry Pis can be increased to handle complex situations. Also use of blockchain technology can be used to make a very efficient and good solution for the security of small scale IoT networks.

The rest of the report is organized as follows:

Section 2 contains related work. Experimental setup and Proposed approach is explained in section 3. Section 4 contains Results and Discussion. Section 5 contains details of Summary and Future Work.


Review of Related Work

In the work by B. Dorsemaine, et al ,2016 , the possible attacks to an Internet of Things (IoT) system in a corporate environment have been discussed. Their work also discusses a case study of connected smart thermostats. Their work discusses only the corporate environment. We require a solution that suits not only the corporate environment but others as well, namely home, military, and industrial.

​M. Miettinen, et al ,2017​ have described a method for securing IoT systems. Their model comprises of an SDN (Software-Defined Networking) security gateway that analyses the vulnerability level of each new IoT device that connects to the network using a cloud service. They constraint the communications of the IoT device to make a more secure environment. Moreover, constraining interactions is not an efficient method to achieve security.

Using BlockChain based methods, A. Dorri, et al ,2017 have proposed a model to secure IoT devices. Their work makes use of local BlockChain Ledger and its immutability to create a secure network for IoT devices. This is a very promising method for securing IoT devices, but it comes at the cost of high processing overhead. Their model requires a BlockChain Manager to manage the transactions among the devices as well as communications to the internet.

A. F. A. Rahman, et al discussed the security threats & vulnerabilities of all layers in IoT Architecture. Their proposed framework requires security mechanisms to be constructed at each layer of the diverse IoT Architecture to provide a more secure IoT environment and cloud system. Also, the implementation feasibility of their method is a questionable proposition.

Evaluation of Related Work

All the methods which are discussed in section 2.1 have given their solutions but none of the solutions is a one-step solution to secure IoT networks. Some of the solutions are quite expensive and are not feasible to implement in the small-scale IoT networks. Others require high processing powers which is again a problem for small scale IoT networks, especially domestic IoT networks.


Proposed Approach

The security methods discussed in section II lack the characteristic of being feasible and efficient at the same time. IISR has both these characteristics. It is a low power device that suits any type of network architecture and protects the network from all kinds of attacks. It also has a provision for monitoring the network as well.

In order to test IISR, we have classified the IoT attacks into four-levels according to their nature and complexity. The complexity, as well as the threat-level of the attacks, increases as the number of levels increase. We performed ten attacks from level-0 to level-3. Figure 1 shows a diagrammatic representation of our classification of these attacks as well as the vulnerabilities of IoT devices.

    Classification of IoT-Attacks

    Experimental Setup

    The Testbed used for IISR comprises of a Raspberry Pi 3 Model B+ (Raspbian OS), five IoT devices, an Attacker Machine, and a Packet Sniffer. Ten attacks were performed on IoT devices using the Attacker Machine. The detection and mitigation mechanisms were configured on the IISR. In general, mainly two types of attack scenarios are possible: attacks from outside the network and attacks from inside of the network. Attacks from outside network target the network itself. They are mostly attempting to enter the network. Hence according to the type of attacks to be executed, we setup our experimental network. Figure 2 shows the connections of our experimental entities for attacks from outside the network, while Figure 3 shows for attacks originating inside the network.

      Experimental Setup for Attacks from Outside the Network
        Experimental Setup for Attacks from Inside the Network

        Setup Overview

        A. IISR Secure Router

        We configured the Raspberry Pi Model 3 Model B+ with internet connectivity as IISR. This offers a low-cost and low- processing power solution to the security requirement of IoT devices. The internet connection through the Ethernet port was bridged with the WiFi broadcasting network interface. The router was configured with WPA (WiFi Protected Access) security using CCM Mode Protocol encryption.

        B. IoT Devices

        For realistic testing, we made IoT devices with the help of ESP32 module and sensors. The sensors used were the temperature and humidity sensor (DHT11), motion detector (D- Sun Hc-Sr501), LM393 photosensitive light-dependent control sensor module, and MPU6050 (gyroscope + accelerometer + temperature) sensor module. We connected an ESP32 module with IISR to connect to the wireless network. The module captured the sensor readings and broadcasted them through the network using an HTTP server.

        C. Attacker Machine

        To perform attacks, we set up a computer with 4GB RAMand 3.8GHz Intel i7 processor. We installed Kali Linux OS (Version 2019.1) on it. Using the former, we performed attacks, both from outside as well as inside the network. Attacks from outside the network, namely deauthentication and fake authentication attacks were conducted by sending malicious packets from outside the network with the help of a WiFi adapter (Atheros AR9271) by using it in monitor mode.

        D. Packet Sniffer

        To protect our IISR Wifi from attacks such as Deauthentication, Fake Authenticationhex, and Wifi Credential Cracking, we programmed an ESP8266 Wifi Module using Arduino IDE as a packet sniffer.



        Level-Wise IoT-Attacks Detection & Mitigation

        Level 0 IoT-Attacks

        • Deauthentication & Fake Authentication Attacks:

        Deauthentication & Fake authentication attacks that fall in this category originate outside the network. Authentication & Authorization problems arise when measures are taken to verify the authenticity of a device are insufficient. Deauthentication is not a very advanced attack. The attacker needs to generate only one packet for every six packets generated by the client and server to deauthenticate or disconnect the client from the Wireless Access Point (WAP). Fake-authentication is another attack in which the attacker associates with the target network when he is not authorized to do so. It can be launched against WAPs using Wired Equivalent Privacy (WEP) security. These attacks are the stepping stones towards cracking Wifi credentials. Hence, even though they are not very advanced or complex, they lead to higher level attacks. We have performed these attacks on our setup and studied the packets during the attack. Figure 4 shows a scan done by "airodump-ng " command to scan the whole network and select the victim WAP. This scan shows the various WAPs nearby along with the MAC Addresses of the devices connected to the respective network. The figure 5 shows the deauthentication attack and our interface is sending the deauthentication packets to the victim BSSID (MAC address of the wireless access point) and all the devices connected with the WAP are deauthenticated ​H. Xu, et al ,2017​ , ​M. Waliullah, et al ,2015​ .

          Scan showing the Wireless Access Points (ESSID) and the MAC Addresses (BSSID) of connected devices.
            Attacker machine sending deauthentication packets to target WAP.

            The packets are sent by the attacker machine to the router but do not enter the network and hence cannot be detected using tools like Snort, Wireshark etc. One solution to tackle fake authentication attacks is to use better security methods like Wi-Fi Protected Access (WPA) or WPA2. We detect both these attacks using a packet sniffer by programming an ESP8266 Wifi Module in monitor mode using Arduino IDE to detect such packets. The module was deployed on the IISR, and it successfully detected these attacks. Figure 6 shows the successful detection of the deauthentication packets.

              Detection of deauthentication packets using Packet Sniffer (Number of packets shown in a rectangle)

              Figure 7 shows a fake-authentication attack where the entries in the figure show the successful authentication and successful association by the attacker machine. The malicious device is associated with the router using fake credentials.

                Successful Fake Authentication Attack using aireplay-ng tool
                • Port Scanning:

                Port Scanning attack originates within the network. It finds all the open ports which a hacker can use to exploit the target device. Once open ports of a device have been found, they can be used to deliver dangerous payloads and malware. We performed port scanning using the widely used NMAP Tool and studied the packets using Wireshark. To tackle these attacks, we formulated Snort rules on the IISR. These rules detect packets associated with port scanning and also provide us with the info of the attacker IP address as well the victim(s) IP. Post-deployment of the same, all kinds of NMAP Scans, namely TCP, UDP, XMAS, FIN, and NULL were detec- ted. Figure 8 shows the Detection of NMAP TCP Scan being executed by the Attacker machine present in the same network. The highlighted section in the figure shows a TCP scan launched by the device against the device M. De Vivo, et al ,1999 .

                  Detection of NMAP TCP Scan where A -> B represents A attacking B

                  Level 1 IoT-Attacks:

                  • ARP Poisoning:

                  Address Resolution Protocol (ARP) is a standard protocol which maps the logical address of a device with the physical address of that device. Whenever a device wants to know the MAC address of a device it broadcasts an ARP request in the network with the IP address of that device and the device with the specified IP replies back and tells it’s MAC address to the requesting device ​C. L. Abad ,2007​ , ​W. Gao, et al ,2018​ .

                  To launch this attack first, an NMAP scan is done so as to know the IP and MAC addresses of all the devices including the gateway in the network. This framework also does the SSL stripping, and thus, all the traffic of the victim devices start flowing through the attacker machine, and the attacker has access to all the data of the victims. This attack was performed using “mitmf” (Man-In-The-Middle-Framework) tool of Kali Linux. This attack requires the attacker to be in the same network in which the victim device is present. The command to launch this attack is:

                  $ mitmf –arp –spoof –gateway <gateway ip> –targets <ips of target machines> -i <interface name>

                    ARP Table Before Attack
                      ARP Table After Attack

                      In arp poisoning attack the malicious device sends a fake arp request to the victim device. The victim device replies and sends its MAC address. Figure 9 shows the entries of the ARP table in the victim device before the attack. Figure 10 shows the content of the ARP table in the victim device after the attack.

                      • Wifi Cracking:

                      Wifi cracking attacks are common for networks containing IoT devices as they pose a great potential for further exploitation. To prevent such attacks, it is advised to use WPA/WPA-PSK security methods for WiFi authentication. However, the credentials can still be cracked using intensive attacks. The process to execute such intense attacks involves Deauthentication. Prevention of Deauthentication attacks has already been discussed in Level 0 attacks.

                      Level 2 IoT-Attacks:

                      • Denial of Service:

                      A denial-of-service (DoS) attack is where hackers render a device inaccessible to legitimate customers. They do this by overwhelming the device with traffic and data until it stops its regular functioning. IoT devices usually are low bandwidth devices due to their characteristic features. Hence, hackers can easily generate a massive amount of traffic to overload an IoT device thus create lag or even crash its working. To perform this attack, an attacker targets the IoT device’s IP address and floods it with huge amount of packets through any of the network protocols (TCP/UDP/HTTP).

                      • MAC Spoofing:

                      MAC spoofing ​J. Yu, et al ,2016​ , is another attack which is most commonly used to connect to a router on which MAC filtering is deployed.Figure 11 shows MAC-Spoofing and changing the MAC address of an interface to any desired MAC address. In this attack, the attacker monitors the devices connected to the network using monitor mode and clones the MAC Address and bypasses the MAC filter configuration of the network.

                        MAC Spoofing attack macchanger deployed.
                        • DNS Spoofing:

                        DNS stands for Domain Name System, and the main use of this server is to convert the domain names to the respective IP addresses. Even if the DNS is unavailable for a very short period of time it can cause huge losses. The simple nature of the DNS protocol and mainly use of the UDP packets make it quite vulnerable to spoofing and DoS attacks.

                        The figure 12 shows a DNS attack using the "Ettercap" tool. The highlighted section shows the successful launching of the attack against the victim device. Whenever the victim device is trying to go to yahoo.com it is being redirected to the attacker machine.

                          DNS Spoofing using Ettercap tool

                          To prevent DNS spoofing, we can implement DNS spoofing detection mechanisms:

                          – Using encrypted data transfer protocols Using end-to-end encryption via SSL/TLS will help decrease the chance that a website or its visitors are compromised by DNS spoofing. This type of encryption allows the users to verify whether the server’s digital certificate is valid and belongs to the website’s expected owner.

                          – Use Domain Name System Security Extensions (DNSSEC; it uses digitally signed DNS records to help determine data authenticity. DNSSEC is still a work in progress as far as deployment goes, but is useful, especially in IoT scenarios.

                          Level 3 Attacks:

                          • Firmware Vulnerabilities:

                          IoT devices for practical purposes come with a firmware installed on them in order to function properly. It contains the operational code for the device. Firmware installed on IoT devices is easily extractable and in some cases available freely on the internet. Moreover, they usually do not have any security mechanism. Therefore, the vulnerabilities in the developers’ code are easily known. They are not regularly updated, which makes their vulnerabilities more open as time passes by. Figure 13 shows an example of the same. This has proven to be a very high-level threat to IoT devices in terms of harm done.

                            Reverse Engineering Firmware using Firmadyne tool
                            • Malware and Botnets:

                            Due to lack of security mechanism in IoT devices, malware injection of these devices is quite simple and prevalent M. Christodorescu, et al ,2005 . There can be various ways through which this malware infect the systems. Some of them include the use of USB drives to execute a malicious file on a system; other methods may include Phishing, drive-by downloads, etc. Malware also causes the IoT devices to act as bots for bigger coordinated attacks like DDoS. To prevent this, we proposed a security router that handles all data traffic to and from these devices. The router makes sure that no unusual or malicious traffic goes to the IoT device.

                            • Unencrypted Data:

                            IoT devices are of low processing power and cannot handle big operations such as encryption and decryption. Thus, all of the data, especially sensitive information, remains as plain text and can be easily read by an unauthorized user. The IISR security router can also handle encryption for the device data going outside the network. It decrypts data that is coming in for the device.

                            Summary of Results and Discussion

                            • The attacks generated from outside the network were un-successful after the deployment of the ESP8266 module, which detected malicious packets coming to the router.
                            • In the case of Port Scanning, the rules prevented scans of all the protocols TCP, UDP, XMAS, etc.
                            • The snort rules formulated can detect both the types of ARP-Spoofing attacks. It generates alert packets whenever an attack is launched and prevent the attack from taking place.
                            • The table in Figure 14 shows the summary of the detection and mitigation of various attacks that we studied in our paper. Tick in a cell means that the respective task is performed successfully while cross shows otherwise.

                              CONCLUSION AND FUTURE WORK


                              IISR is a one-step solution for securing IoT devices. The proposed system detected and mitigated six out of ten attacks, namely: Deauthentication, Fake-Authentication, Denial of Service, Port Scanning, WiFi Cracking, and ARP Poisoning. It could detect the attack of mac spoofing but could not mitigate it. The deployed security mechanisms consisted of Snort IDS rules, Arduino programming, Packet Sniffer, and configuration of connection methods. The router performed really well under the attacks. Thus, it protects connected IoT devices from these attacks. Even though it was tested on a small scale network, it’s architecture makes it suitable for all kinds of applications: industrial, military, and corporate networks. Thus, IISR can be scaled for bigger networks as well. To scale it for greater systems for military or modern purposes a group of Raspberry Pi gadgets can be utilized to build handling power.

                              Future Work

                              Our future work will be concerned about broadening this solution on a greater scale and fortifying the safety efforts to cover numerous different attacks and vulnerabilities, with the goal that a more secure environment can be made for the deployment of IoT gadgets. We plan on adding more Snort guidelines to handle any new attacks. It might likewise cover different conventions like Bluetooth, Zigbee, and so forth to secure IoT gadgets working on various Protocols. The other thought is the utilization of blockchain on IoT systems. Blockchain does not explicitly give any solution for the detection or mitigation of attacks on IoT gadgets; however, it's execution makes it illogical for the attacker to lead these attacks. A local blockchain can be actualized on a local IoT system using platforms like Ethereum. This blockchain will take care of fortifying the security of the IoT devices in its local network.


                              I would like to thank Prof. B M Mehtre for continuous guidance and patience. Being my 1st summer project, I had a lot of things to learn, and the amount of knowledge and experience I have gained from him is matchless. I owe my sincere thanks to him.

                              I thank Mr. N D Patel and Mr. Anessh Dua for their cooperation and team-work in lab and overall for making it a great learning experience.

                              I would also like to thank each member of the Centre for Excellence in Cyber Security Lab, IDRBT for all the support and discussions.

                              I also thank the Indian Academy of Sciences for their support throughout the programme and for giving me this great opportunity. It would not have been possible without this Summer Research Fellowship.

                              I would also like to thank the Institute for Development and Research in Banking Technology, Hyderabad for providing me the whole infrastructure, resources, accommodation, and other requirements and hence, making my stay comfortable.




                              Vibhor Tyagi




                              • S. Haller, S. Karnouskos and C. Schroth, ‘The internet of things in an enterprise context’, in Future Internet Symposium, Springer, 2008, pp. 14–28.

                              • L. Xiao, X. Wan, X. Lu, Y. Zhang and D. Wu, ‘Iot security techniques based on machine learning’, arXiv preprint arXiv:1801.06275, 2018.

                              • M. U. Farooq, M. Waseem, A. Khairi and S. Mazhar, ‘A critical analysis on the security concerns of internet of things (iot)’, International Journal of Computer Applications, vol. 111, no. 7, 2015.

                              • https : / / raspberry - valley. azurewebsites . net / RaspAP Wifi-Hotspot/.

                              •   Aneesh Dua, Vibhor Tyagi, ND Patel, BM Mehtre (2019) IISR: A Secure Router for IoT Networks. Submitted to 4th IEEE International Conference on Information Systems and Computer Networks ISCON 2019.

                              • B. Dorsemaine, J.-P. Gaulier, J.-P. Wary, N. Kheir and P. Urien, ‘A new approach to investigate iot threats based on a four layer model’, in 2016 13th International Conference on New Technologies for Distributed Systems (NOTERE), IEEE, 2016, pp. 1–6.

                              • M. Miettinen, S. Marchal, I. Hafeez, N. Asokan, A.-R. Sadeghi and S. Tarkoma, ‘Iot sentinel: Automated device-type identification for security enforcement in iot’, in 2017 IEEE 37th International Conference on Distributed Computing Systems (ICDCS), IEEE, 2017, pp. 2177–2184.

                              • A. Dorri, S. S. Kanhere, R. Jurdak and P. Gauravaram, ‘Lsb: A lightweight scalable blockchain for iot security and privacy’, arXiv preprint arXiv:1712.02969, 2017.

                              • A. F. A. Rahman, M. Daud and M. Z. Mohamad, ‘Securing sensor to cloud ecosystem using internet of things (iot) security framework’, in Proceedings of the International Conference on Intern.

                              • H. Xu, D. Sgandurra, K. Mayes, P. Li and R. Wang, ‘Analysing the resilience of the internet of things against physical and proximity attacks’, in International Conference on Security, Privacy and Anonymity inComputation, Communication and Storage, Springer, 2017, pp. 291–301.

                              • M. Waliullah, A. Moniruzzaman, M. S. Rahman et al., ‘An experimental study analysis of security attacks at ieee 802. 11 wireless local area network’, International Journal of Future Generation Communication and Net- working, vol. 8, no. 1, pp. 9–18, 2015.

                              • M. De Vivo, E. Carrasco, G. Isern and G. O. de Vivo, ‘A review of port scanning techniques’, ACM SIGCOMM Computer Communication Review, vol. 29, no. 2, pp. 41–48, 1999.

                              • C. L. Abad and R. I. Bonilla, ‘An analysis on the schemes for detecting and preventing arp cache poison- ing attacks’, in 27th International Conference on Dis- tributed Computing Systems Workshops (ICDCSW’07), IEEE, 2007, pp. 60–60.

                              • W. Gao, Y. Sun, Q. Fu, Z. Wu, X. Ma, K. Zheng and X. Huang, ‘Arp poisoning prevention in internet of things’, in 2018 9th International Conference on Information Technology in Medicine and Education (ITME), IEEE, 2018, pp. 733–736.

                              • J. Yu, E. Kim, H. Kim and J. Huh, ‘A framework for detecting mac and ip spoofing attacks with network characteristics’, in 2016 International Conference on Software Security and Assurance (ICSSA), IEEE, 2016, pp. 49–53.

                              • M. Christodorescu, S. Jha, S. A. Seshia, D. Song and R. E. Bryant, ‘Semantics-aware malware detection’, in 2005 IEEE Symposium on Security and Privacy (S&P’05), IEEE, 2005, pp. 32–46.

                              Written, reviewed, revised, proofed and published with