Hardware-assisted malware detection for embedded systems
Main Author: | |
---|---|
Other Authors: | |
Format: | Final Year Project |
Language: | English |
Published: | Nanyang Technological University, 2022 |
Subjects: | |
Online Access: | https://hdl.handle.net/10356/162691 |
Institution: | Nanyang Technological University |
Summary: | Side-channel attacks (SCAs) have risen to prominence in recent years, due to the advancement of
measurement technology and machine learning algorithms. This project aims to detect the presence of
such attacks on embedded systems, which have gained relevance with the advent of Internet-of-Things
(IoT) technology, by analysing hardware-level behavioural changes through the inspection of in-built
Hardware Performance Counters (HPCs).
In this report, a Flush+Reload cache-based side-channel attack was configured on an
ARM device using ARMageddon, with HPC data collected through the perf command
line utility on Linux to characterise system behaviour under both normal and attacked states. Feature
analysis and selection were conducted to isolate the relevant affected events, and machine learning
approaches such as Neural Networks and XGBoost were used to predict the compromise of a system.
Relevant HPCs in side-channel attack detection were found to mainly fall under hardware events and
hardware-cache events, while software events remained largely unaffected. High model accuracies for
XGBoost (99.99%) and Decision Trees (99.96%) were attained, indicating the feasibility of implementing
a lightweight and accurate solution for real-time detection in future studies.
Keywords: Side-channel Attacks, Micro-architectural Events, Hardware Performance Counters,
Embedded Systems, Flush+Reload |
---|