Actionable Malware Classification in Embedded Environments using Hardware Performance Counters

Martin Rosso, Joost Renes, Nikita Veshchikov, Eduardo Alvarenga, Jerry den Hartog

Research output: Contribution to conference › Poster


Abstract

The widespread use of connected embedded devices, together with the increase in their computational power, makes them a desirable target for cyber attacks. Detecting such attacks early allows their propagation to be stopped and their impact to be limited. In contrast to previous work that aims to detect attacks using hardware performance counters, we conduct an initial feasibility study on the classification of types of attacks. Classifying an ongoing attack makes it possible to choose a more suitable mitigation and thus to react appropriately to different types of attacks. During our experiments we collect more than 2.5 million execution traces from real hardware devices to build a simple anomaly classifier. Using decision tree algorithms, we analyzed more than 20 common use cases and the impact of 4 different attacks on the device. Our evaluation shows that hardware performance counters are useful for attack detection as well as for attack classification. This technique can be implemented very efficiently with minimal overhead in software or in hardware, even on low-end embedded systems.
Original language: English
Status: Published - 12 Dec 2021
Event: SPACE 2021: Eleventh International Conference on
Security, Privacy and Applied Cryptographic Engineering
- [Online]
Duration: 10 Dec 2021 to 13 Dec 2021
Conference number: 11
https://cse.iitkgp.ac.in/conf/SPACE2021/

Conference

Conference: SPACE 2021: Eleventh International Conference on
Security, Privacy and Applied Cryptographic Engineering
Short title: SPACE 2021
Period: 10/12/21 to 13/12/21