Low-Power and Lossy Networks (LLNs), e.g., sensor networks, have a myriad of applications, such as Smart Grid and Smart Cities. Various challenges are presented with LLNs, such as lossy links, low bandwidth, battery operation, low memory and/or processing capability of a device, etc. Changing environmental conditions may also affect device communications. For example, physical obstructions (e.g., changes in the foliage density of nearby trees, the opening and closing of doors, etc.), changes in interference (e.g., from other wireless networks or devices), propagation characteristics of the media (e.g., temperature or humidity changes, etc.), and the like, also present unique challenges to LLNs. For example, an LLN may be an Internet of Things (IoT) network in which “things,” e.g., uniquely identifiable objects such as sensors and actuators, are interconnected over a computer network. Typically, IoT networks include a very large number of heterogeneous endpoints that exhibit various degrees of constrained resources.
Malware defense generally entails detecting and preventing system changes, such as the installation of software and other configuration settings, that are intended for malicious purposes (e.g., disrupting operation of the device or network, data exfiltration, etc.). Doing so is fairly straightforward in traditional networks, as the devices have a high degree of local resources, network links are fairly stable, etc. For example, an endpoint computer may execute its own virus scanner, to detect and prevent the installation of viruses on the local device. These same host-based approaches, however, are not applicable in many IoT implementations where the endpoint nodes have very limited resources.