Hardware assisted malware detection for embedded systems
Detection of malicious software (malware) has been a challenging issue over the past years due to the increase in security threats. While many methods have been attempted to tackle this problem, little effort has been made to tackle security in embedded systems. Commercial anti-virus programs do not se...
Main Author: | |
---|---|
Other Authors: | |
Format: | Final Year Project |
Language: | English |
Published: | Nanyang Technological University, 2022 |
Subjects: | |
Online Access: | https://hdl.handle.net/10356/157223 |
Institution: | Nanyang Technological University |
id |
sg-ntu-dr.10356-157223 |
---|---|
record_format |
dspace |
spelling |
sg-ntu-dr.10356-1572232022-05-11T05:35:11Z Hardware assisted malware detection for embedded systems Nur Insyirah Lukeman Lam Siew Kei School of Computer Science and Engineering ASSKLam@ntu.edu.sg Engineering::Computer science and engineering Bachelor of Engineering (Computer Engineering) 2022-05-11T05:35:11Z 2022-05-11T05:35:11Z 2022 Final Year Project (FYP) Nur Insyirah Lukeman (2022). Hardware assisted malware detection for embedded systems. Final Year Project (FYP), Nanyang Technological University, Singapore. https://hdl.handle.net/10356/157223 https://hdl.handle.net/10356/157223 en SCSE21-0003 application/pdf Nanyang Technological University |
institution |
Nanyang Technological University |
building |
NTU Library |
continent |
Asia |
country |
Singapore |
content_provider |
NTU Library |
collection |
DR-NTU |
language |
English |
topic |
Engineering::Computer science and engineering |
description |
Detection of malicious software (malware) has been a challenging issue over the past years due to the increase in security threats. While many methods have been attempted to tackle this problem, little effort has been made to tackle security in embedded systems. Commercial anti-virus programs do not serve as a solution, as this approach is unable to deliver the necessary security protection for these systems and may not be effective. As such, several researchers have attempted to develop tools for malware detection at the hardware level. In this paper, we aim to propose a lightweight malware detection tool using hardware performance counters (HPC) as a form of protection against malware for embedded systems. HPC provides a high-level abstraction layer that has been used to collect, monitor, and measure various system data, as well as examine resource usage. This approach aims to exploit HPC on ARM-based embedded systems to perform analysis and to identify any malicious behaviour that deviates from the intended behaviour. The tool is designed to extract the HPC data and separate it into two sets, malware and benign. The HPC data is collected from selected operating system programs while any malware or benign programs are running on the embedded systems. Through a statistical approach, these HPC values are analysed and a distance metric, denoted as λ, is used to evaluate whether the running program exhibits its intended benign behaviour.
With the historical data obtained, we performed offline testing and implemented this malware detection methodology on an NVIDIA® Jetson Xavier™ NX Development Board running embedded Linux and a Desay SV Automotive third-generation Intelligent Processing Unit (IPU-03) running QNX. Lastly, we propose a windowing technique for malware detection, which centres on collecting the HPC data and evaluating the λ-value of the system continuously at specific intervals. |
author2 |
Lam Siew Kei |
author_facet |
Lam Siew Kei Nur Insyirah Lukeman |
format |
Final Year Project |
author |
Nur Insyirah Lukeman |
title |
Hardware assisted malware detection for embedded systems |
publisher |
Nanyang Technological University |
publishDate |
2022 |
url |
https://hdl.handle.net/10356/157223 |
_version_ |
1734310123935891456 |