Runtime Malware Detection Using Embedded Trace Buffers

Elnaggar, Rana; Basu, Kanad; Chakrabarty, Krishnendu; Karri, Ramesh

doi:10.1109/tcad.2021.3052856

Cited by 4 publications

(1 citation statement)

References 36 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Their technique achieves a detection accuracy of 99.7%. In [10], the authors repurpose embedded trace buffers (ETB) which is an on chip circular memory buffer used for post-silicon validation available in modern processors, for malware detection and classification. This technique incurs zero area overhead to the original microprocessor core and achieves detection accuracy of 86.7% against malware.…”

Section: Related Workmentioning

confidence: 99%

Malware Detection in Embedded Devices using Artificial Hardware Immunity

Zareen

Amador

Karam

2023

Preprint

View full text Add to dashboard Cite

With the rapid proliferation of IoT devices and its growing usage in safety-critical systems, securing these devices from malicious attacks has become increasingly challenging. Due to the resource-constrained nature of IoT devices, real-time software-based malware detection is difficult or infeasible. Alternatively, a promising approach is utilizing hardware malware detection techniques. In this paper, we introduce a novel Hardware Immune System (HWIS), a stand-alone, hardware-supported malware detection approach for microprocessors that leverages Artificial Immune Systems for detecting botnet activity. This technique is suitable for low-power, resource constrained and network facing embedded devices. The proposed model is capable of detecting botnet behavior with an accuracy of 96.7%, false negative rate of 6.5%, and F1-score of 0.96. We implemented and simulated the proposed architecture using 32nm low power PTM SPICE models and the Synopsys 32nm EDK and found the power and area overhead to be 2.57% and 5.25%, respectively, with no impact on delay, using a 28nm RISC-V CPU as a baseline.

show abstract

Section: Related Workmentioning

confidence: 99%

Malware Detection in Embedded Devices using Artificial Hardware Immunity

Zareen

Amador

Karam

2023

Preprint

View full text Add to dashboard Cite

show abstract

A Comprehensive Survey of various Cyber Attacks

Sharma

Galav

Sharma

2023

2023 6th International Conference on Information Systems and Computer Networks (ISCON)

View full text Add to dashboard Cite

PReFeR : P hysically Re lated F unction bas e d R emote Attestation Protocol

Mondal,

Gangopadhyay,

Chatterjee

et al. 2023

ACM Trans. Embed. Comput. Syst.

View full text Add to dashboard Cite

Remote attestation is a request-response based security service that permits a trusted entity (verifier) to check the current state of an untrusted remote device (prover). The verifier initiates the attestation process by sending an attestation challenge to the prover; the prover responds with its current state, which establishes its trustworthiness. Physically Unclonable Function (PUF) offers an attractive choice for hybrid attestation schemes owing to its low overhead security guarantees. However, this comes with the limitation of secure storage of the PUF model or large challenge-response database on the verifier end. To address these issues, in this work, we propose a hybrid attestation framework, named PReFeR , that leverages a new class of hardware primitive known as Physically Related Function (PReF) to remotely attest low-end devices without the requirement of secure storage or heavy cryptographic operations. It comprises a static attestation scheme that validates the memory state of the remote device prior to code execution, followed by a dynamic run-time attestation scheme that asserts the correct code execution by evaluating the content of special registers present in embedded systems, known as hardware performance counters (HPC). The use of HPCs in the dynamic attestation scheme mitigates the popular class of attack known as the time-of-check-time-of-use (TOCTOU) attack, which has broken several state-of-the-art hybrid attestation schemes. We demonstrate our protocol and present our experimental results using a prototype implementation on Digilent Cora Z7 board, a low-cost embedded platform, specially designed for IoT applications.

show abstract

Runtime Malware Detection Using Embedded Trace Buffers

Cited by 4 publications

References 36 publications

Malware Detection in Embedded Devices using Artificial Hardware Immunity

Malware Detection in Embedded Devices using Artificial Hardware Immunity

A Comprehensive Survey of various Cyber Attacks

PReFeR : P hysically Re lated F unction bas e d R emote Attestation Protocol

Contact Info

Product

Resources

About