Hardware assisted malware detection for embedded systems

Detection of malicious software (malware) has been a challenging issue over the past years due to the increase in security threats. While many methods have been attempted to tackle this problem, little effort has been made to tackle security in embedded systems. Commercial anti-virus programs do not se...

Bibliographic Details
Main Author: Nur Insyirah Lukeman
Other Authors: Lam Siew Kei
Format: Final Year Project
Language: English
Published: Nanyang Technological University 2022
Online Access: https://hdl.handle.net/10356/157223
Institution: Nanyang Technological University
id sg-ntu-dr.10356-157223
record_format dspace
spelling sg-ntu-dr.10356-157223 2022-05-11T05:35:11Z Hardware assisted malware detection for embedded systems Nur Insyirah Lukeman Lam Siew Kei School of Computer Science and Engineering ASSKLam@ntu.edu.sg Engineering::Computer science and engineering Bachelor of Engineering (Computer Engineering) 2022-05-11T05:35:11Z 2022-05-11T05:35:11Z 2022 Final Year Project (FYP) Nur Insyirah Lukeman (2022). Hardware assisted malware detection for embedded systems. Final Year Project (FYP), Nanyang Technological University, Singapore. https://hdl.handle.net/10356/157223 https://hdl.handle.net/10356/157223 en SCSE21-0003 application/pdf Nanyang Technological University
institution Nanyang Technological University
building NTU Library
continent Asia
country Singapore
content_provider NTU Library
collection DR-NTU
language English
topic Engineering::Computer science and engineering
spellingShingle Engineering::Computer science and engineering
Nur Insyirah Lukeman
Hardware assisted malware detection for embedded systems
description Detection of malicious software (malware) has been a challenging issue over the past years due to the increase in security threats. While many methods have been attempted to tackle this problem, little effort has been made to tackle security in embedded systems. Commercial anti-virus programs do not serve as a solution, as this approach is unable to deliver the necessary security protection for these systems and may not be effective. As such, several researchers have attempted to develop tools for malware detection at the hardware level. In this paper, we aim to propose a lightweight malware detection tool using hardware performance counters (HPC) as a form of protection against malware for embedded systems. HPC provides a high-level abstraction layer that has been used to collect, monitor, and measure various system data, as well as examine resource usage. This approach aims to exploit HPC on ARM-based embedded systems and perform analysis as well as distinguish any malicious behaviour from the intended behaviour. The tool is designed to extract and differentiate the HPC data into two sets, malware and benign. The collection of HPC data comes from selected operating system programs when any malware or benign programs are running in the embedded systems. Through a statistical approach, these HPC values are analysed, and a distance metric, denoted as λ, is used to evaluate whether the running program exhibits its intended benign behaviour. With the historical data obtained, we performed offline testing and implemented this malware detection methodology on an NVIDIA® Jetson Xavier™ NX Development Board operating on embedded Linux and a Desay SV Automotive third-generation Intelligent Processing Unit (IPU-03) operating on QNX. Lastly, we propose a windowing technique to capture malware detection, which centres on the collection of HPC data and evaluation of the λ-value of the system continuously at specific intervals.
author2 Lam Siew Kei
author_facet Lam Siew Kei
Nur Insyirah Lukeman
format Final Year Project
author Nur Insyirah Lukeman
author_sort Nur Insyirah Lukeman
title Hardware assisted malware detection for embedded systems
title_short Hardware assisted malware detection for embedded systems
title_full Hardware assisted malware detection for embedded systems
title_fullStr Hardware assisted malware detection for embedded systems
title_full_unstemmed Hardware assisted malware detection for embedded systems
title_sort hardware assisted malware detection for embedded systems
publisher Nanyang Technological University
publishDate 2022
url https://hdl.handle.net/10356/157223
_version_ 1734310123935891456