The Internet of Things (IoT) is based on the idea that industrial and consumer solutions, not just computers and computer networks, can be readable, recognizable, locatable, addressable, and controllable via an IoT communications network (e.g., an ad-hoc system or the Internet). IoT devices in industrial and consumer systems, for example, IoT sensors and IoT components, are also accessible over the Internet and, therefore, vulnerable to malware. A cyberattack that compromises an IoT critical infrastructure in an industrial system can cause significant physical damage and/or threaten human life. For example, a cyberattack on an IoT utility infrastructure that uses a nuclear power plant could target critical sub-systems and potentially cause blackouts, plant explosions, or even a nuclear meltdown in a centrifuge. Recently, the Stuxnet virus, which is an example of industrial malware, was used to target programmable logic controllers (PLCs) in a nuclear reactor and cause severe damage to property. The Stuxnet virus targeted industrial software that controlled a nuclear reactor by exploiting a zero-day flaw or vulnerability to obtain control of the PLCs and cause a meltdown in the nuclear reactor. The Stuxnet virus is just one example of an advanced malware threat that current antivirus solutions are not able to detect. Similarly, in non-industrial systems such as drive-by-wire vehicle systems onboard a vehicle, computer-controlled devices (for example, brakes, engine, locks, or the like) that are connected to an onboard network may be attacked by malware in order to gain access to the onboard network and compromise safe operation of the vehicle.
An advanced malware threat is capable of circumventing traditional prevention controls, for example, anti-virus software, host-based intrusion prevention systems, or the like, and modifying the behavior of industrial and non-industrial systems. Existing antivirus security software is unable to defend against these advanced malware threats since antivirus signatures are not yet available to antivirus software developers. All systems, industrial and non-industrial, are vulnerable to attacks if they are connected to a network—be it an internal network or an external network. Current security software does not adequately protect these systems from advanced malware threats, as illustrated above. Therefore, a way of protecting against advanced malware threats in critical industrial and non-industrial solutions would be desirable.