Analyzing Hardware Based Malware Detectors

Patel, Nisarg; Sasan, Avesta; Homayoun, Houman

doi:10.1145/3061639.3062202

Cited by 60 publications

(28 citation statements)

References 10 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…There also exist traditional approaches such as semantic [28], [29], [30] and signaturebased [31], [32], [33] solutions including off-the-shelf antiviruses as well. However, most of these techniques are slow, and require large computational resources and memory [34], [35], [36], [37], making them infeasible to be adopted in IoT and resource constrained devices. Furthermore, the emergence of new malware threats often requires patching or updating off-the-shelf software-based malware detection solutions (such as anti-virus) and incurs a large amount of memory, hardware resources, as well as network communication bandwidth.…”

Section: ) Limited Resource Availabilitymentioning

confidence: 99%

“…In addition, due to limited computing resources at the node-level, sophisticated and highly accurate malware detection solutions cannot be afforded [36], [39], [34], [35]. Consequently, deploying a semi-accurate malware detection method and a proactive approach such as immediately disconnecting the links in the network, while can confine malware, but also impact network performance and throughput, or even can result in communication loss, which is detrimental to the network performance.…”

Section: ) Limited Resource Availabilitymentioning

confidence: 99%

“…The process of malware detection on IoT nodes is illustrated in the left zoom-out box of Figure 1. A runtime malware detection is adopted from a recent work [36], where it is considered the devices that has embedded processor and utilizes ML for malware detection, similar to [34], [35], [36], [49]. However, one can accommodate other malware detection techniques, as long as it can provide an estimate of node-level infection.…”

Section: A Iot Network Architecturementioning

confidence: 99%

“…We perform feature reduction using correlation extraction and observe a limited number (four) of critical HPCs for malware detection due to limited resource availability. We employ JRip ML classifier for malware detection, similar to that in [34], [36], which achieves an accuracy of 91.08% with 1 clock-cycle latency. This is also explained in Appendix -B.…”

Section: A Experimental Setupmentioning

confidence: 99%

“…To perform effective node-level malware detection in IoT network, we adopt a lightweight, hardware-assisted malware detection technique (HMD) recently proposed in [34], [36]. We briefly describe the adopted technique below.…”

Section: Hardware-assisted Runtime Malware Detectionmentioning

confidence: 99%

See 4 more Smart Citations

Cognitive and Scalable Technique for Securing IoT Networks Against Malware Epidemics

et al. 2020

Self Cite

View full text Add to dashboard Cite

The sheer volume of IoT networks being deployed today presents a major "attack surface" and poses significant security risks at a scale never encountered before. In other words, a single IoT device/node that gets infected with malware has the potential to spread the malicious activities across the network, eventually ceasing the network functionality or compromising the network. Simply detecting and quarantining the malware in IoT networks does not guarantee preventing malware propagation. On the other hand, use of traditional control theory for malware confinement is not effective, as most of the existing works do not consider real-time malware control strategies that can be implemented using uncertain infection information from the nodes in the network or have the containment problem decoupled from network performance. In response, in this work, we propose a two-pronged approach with malware detection at nodelevel, and confinement of malware at network-level. We deploy a recently proposed lightweight runtime malware detector at the node-level that employs Hardware Performance Counter (HPC) values for malware detection. This node-level malware information is combined with the malware propagation information and then fed during runtime to a stochastic predictive controller to confine the malware propagation without hampering the network performance. Synthesizing the node-level malware information with the model predictive containment strategy leads to achieving an average network throughput of nearly 200% of that of IoT network without any defense, and up to 160% of that of network with commonly employed state-ofthe-art heuristic approaches for malware confinement. Furthermore, to scale with ever-increasing network topology sizes, we introduce a novel multi-attribute graph translation that can predict the network topology and node state information when provided with a snapshot of topology and node-level malware infection. The proposed multi-attribute graph translation has <5.88 Root Mean Square Error (RMSE) compared to the model predictive containment strategy and has shown nearly constant graph translation time and limited resource utilization independent of the network size.

show abstract