Research-led cyber security

Practical AI malware detection for edge devices

Steadnet focuses on lightweight cyber security research for IoT, ESP32s, Raspberry Pis, and small compute environments where modern AI needs to work within real hardware limits.

View Solutions Read the Research

Multi-modal AI demo

Two evidence streams, one model decision

running
multimodal_malware.py fusing streams 
import tensorflow as tf

binary = load_executable("sample.exe")
image = binary_to_grayscale(binary)
header = extract_header_bytes(binary)

model = tf.keras.models.load_model("hybrid_edge_model.h5")
visual_features = model.visual_stream(image)
byte_features = model.byte_stream(header)
decision = model.fusion([visual_features, byte_features])

print(decision.family, decision.confidence)

Inference path

Visual stream + byte stream -> fusion

Executable sample

Parallel features

Visual texture streamEfficientNetB0
Header byte stream1D CNN
Fused representationconcat

Model decision

Benign0.8%
Packed unknown4.6%
CobaltStrike-like94.6%

Output

Threat family detected

1. convert binary image
2. read header bytes
3. fuse signals
4. classify family

Applied research and advisory

AI security work for connected systems

AI

Predictive AI Threat Intelligence

Our AI models analyze vast datasets to identify emerging cyber threats and vulnerabilities before they impact your systems, shifting security from reactive to truly proactive. Ideal for high-security projects.

  • Real-time anomaly detection
  • Proactive vulnerability scanning
  • Behavioral analytics
IR

Automated Incident Response

AI-powered automation rapidly contains and remediates cyber security incidents, minimizing downtime and human intervention, ensuring business continuity for critical operations.

  • Autonomous threat containment
  • Rapid remediation workflows
  • Reduced mean time to respond
IoT

Zero Trust & IoT Access Management

Implement dynamic, AI-driven access policies based on user behavior and context, enforcing true Zero Trust principles across your entire ecosystem, including all IoT devices (from industrial sensors to hobbyist boards).

  • Adaptive authentication
  • Context-aware access controls
  • Continuous identity verification
Data

Data & Embedded Device Anomaly Detection

Our AI monitors data flows, access patterns, and behavior on all endpoints, including IoT and small compute boards like Raspberry Pi and Arduino, to detect unusual activities indicating potential insider threats or data exfiltration.

  • User and entity behavior analytics (UEBA)
  • IoT device integrity monitoring
  • Automated alerts for sensitive data
Cloud

Cloud Security Posture Management

AI continuously assesses your cloud environments for misconfigurations, compliance deviations, and vulnerabilities, ensuring a strong security posture crucial for any high-security project.

  • Continuous compliance monitoring
  • Vulnerability prioritization
  • Automated policy enforcement
SOC

AI-Enhanced Security Operations Center (SOC)

Augment your human analysts with advanced AI capabilities for faster threat hunting, intelligent alert correlation, and significantly reduced alert fatigue, ensuring comprehensive cyber security.

  • Intelligent alert triage
  • Automated threat hunting
  • Reduced false positives

Why it matters now

AI security for real devices, in real conditions

01

Lightweight by design

Research is focused on constrained environments where memory, power, latency, and cost matter.

02

Multi-modal evidence

Visual malware patterns can be paired with structural byte features to reduce reliance on a single signal.

03

Useful for edge systems

ESP32s and Raspberry Pis can support distributed experiments for monitoring, collection, and lightweight analysis.

04

Built from current AI

The work treats AI as an available engineering tool that can be tested, measured, and improved today.

Research notes

Latest PhD updates

Nearly There: ESP32s, Raspberry Pis, and the Next Stage of My PhD Research

By Phil Steadman | May 19, 2026

I am now getting close to the end of my PhD research, and the work is becoming more practical and exciting. The core question has stayed the same: how can artificial intelligence help detect malware in environments where traditional security tooling is too heavy, too slow, or too dependent on cloud-scale resources?

A particularly interesting direction has been looking at ESP32s and Raspberry Pis together. On their own, these devices have very different strengths. ESP32s are low-cost, low-power microcontrollers that can sit close to sensors and simple networked devices. Raspberry Pis provide more compute and flexibility, making them useful as small edge gateways or local analysis nodes. Used together, they create a practical testbed for exploring distributed security monitoring at the edge.

This connects directly with my recent work on multi-modal malware detection. In the paper draft, I explored how visual malware representations can be combined with structural byte and header features, rather than relying on a single stream of evidence. That matters because modern malware can use packing, polymorphism, and other evasion techniques to make one view of a file less reliable. Combining different views gives the model more context.

The next challenge is not just improving model accuracy on datasets such as MalwareVision-2025 and Malimg. It is understanding how these ideas can move toward real, resource-constrained hardware. A Raspberry Pi might handle feature extraction, local coordination, or lightweight inference, while ESP32 devices could help collect signals from the environment or act as part of a distributed sensing layer.

What makes this exciting is that the hardware is accessible. This is AI being tested now, on devices that students, researchers, hobbyists, and small teams can actually afford. As I approach the end of the PhD, that practical bridge between research and real-world edge security is where I want the work to go next.

Halfway There: My PhD Journey in AI-Driven Malware Detection on Small Compute Boards

By Phil Steadman | June 18, 2025

It's an exciting time to be in cybersecurity, especially with the rapid advancements in Artificial Intelligence. I'm thrilled to share that I'm now halfway through my PhD journey, focusing on a fascinating and crucial area: the detection of malware using artificial intelligence on small compute boards.

For years, the power of AI in cybersecurity has been evident in large-scale data centers and cloud environments. However, the proliferation of IoT devices - from industrial sensors to consumer gadgets, and even popular hobbyist platforms like Raspberry Pi and Arduino - presents a unique challenge. These devices often have limited computational resources, making traditional, heavy-duty malware detection methods impractical.

My research delves into developing lightweight, efficient AI models capable of identifying sophisticated malware behavior directly on these resource-constrained devices. This involves exploring novel machine learning techniques that can operate effectively with minimal memory and processing power, providing a crucial layer of defense for the expanding IoT landscape and other high-security projects where every byte and cycle counts.

The implications for real-world cyber security are immense. Smart home devices, embedded systems in critical infrastructure, and custom-built robotics projects all need stronger protection at the edge. This work is not just academic; it's about building a more secure digital foundation for everyone.

I'm looking forward to sharing more updates as I progress. Stay tuned for insights into my findings and how this research can contribute to practical, AI-driven cyber security solutions.

Contact

Discuss edge security research or advisory work

Talk to Steadnet Cyber about AI malware detection, embedded security research, and practical approaches for IoT and small compute environments.

Contact Steadnet Cyber

Phil Steadman, Cyber Security Leader

Email: phil@steadnet.com