Hardware-assisted malware detection for embedded systems
Side-channel attacks (SCAs) have risen to prominence in recent years, due to the advancement of measurement technology and machine learning algorithms. This project aims to detect the presence of such attacks on embedded systems, which have gained relevance with the advent of Internet-of-Things (...
Saved in:
| Main Author: | |
|---|---|
| Other Authors: | |
| Format: | Final Year Project |
| Language: | English |
| Published: |
Nanyang Technological University
2022
|
| Subjects: | |
| Online Access: | https://hdl.handle.net/10356/162691 |
| Tags: |
Add Tag
No Tags, Be the first to tag this record!
|
| Institution: | Nanyang Technological University |
| Language: | English |
| id |
sg-ntu-dr.10356-162691 |
|---|---|
| record_format |
dspace |
| spelling |
sg-ntu-dr.10356-1626912022-11-07T05:33:30Z Hardware-assisted malware detection for embedded systems Chua, Penelope Hui Eng Lam Siew Kei School of Computer Science and Engineering ASSKLam@ntu.edu.sg Engineering::Computer science and engineering::Hardware::Register-transfer-level implementation Side-channel attacks (SCAs) have risen to prominence in recent years, due to the advancement of measurement technology and machine learning algorithms. This project aims to detect the presence of such attacks on embedded systems, which have gained relevance with the advent of Internet-of-Things (IOT) technology, by analysing hardware-level behavioural changes through the inspection of in-built Hardware Performance Counters (HPCs). In this report, the configuration of a Flush+Reload cache-based side-channel attack was conducted on an ARM device through ARMageddon, with data collection of the HPCs done through the perf command line utility on Linux to characterise system behaviour under both normal and attacked states. Feature analysis and selection were conducted to isolate the relevant affected events, and machine learning approaches such as Neural Networks and XGBoost were used to predict the compromise of a system. Relevant HPCs in side-channel attack detection were found to mainly fall under hardware events and hardware-cache events, while software events remained largely unaffected. High model accuracies for XGBoost (99.99%) and Decision Trees (99.96%) were attained, indicating the feasibility of implementing a lightweight and accurate solution for real-time detection in future studies. Keywords: Side-channel Attacks, Micro-architectural Events, Hardware Performance Counters, Embedded Systems, Flush+Reload Bachelor of Engineering Science (Computer Science) 2022-11-07T05:33:30Z 2022-11-07T05:33:30Z 2022 Final Year Project (FYP) Chua, P. H. E. (2022). Hardware-assisted malware detection for embedded systems. Final Year Project (FYP), Nanyang Technological University, Singapore. https://hdl.handle.net/10356/162691 https://hdl.handle.net/10356/162691 en SCSE21-0702 application/pdf Nanyang Technological University |
| institution |
Nanyang Technological University |
| building |
NTU Library |
| continent |
Asia |
| country |
Singapore Singapore |
| content_provider |
NTU Library |
| collection |
DR-NTU |
| language |
English |
| topic |
Engineering::Computer science and engineering::Hardware::Register-transfer-level implementation |
| spellingShingle |
Engineering::Computer science and engineering::Hardware::Register-transfer-level implementation Chua, Penelope Hui Eng Hardware-assisted malware detection for embedded systems |
| description |
Side-channel attacks (SCAs) have risen to prominence in recent years, due to the advancement of
measurement technology and machine learning algorithms. This project aims to detect the presence of
such attacks on embedded systems, which have gained relevance with the advent of Internet-of-Things
(IOT) technology, by analysing hardware-level behavioural changes through the inspection of in-built
Hardware Performance Counters (HPCs).
In this report, the configuration of a Flush+Reload cache-based side-channel attack was conducted on an
ARM device through ARMageddon, with data collection of the HPCs done through the perf command
line utility on Linux to characterise system behaviour under both normal and attacked states. Feature
analysis and selection were conducted to isolate the relevant affected events, and machine learning
approaches such as Neural Networks and XGBoost were used to predict the compromise of a system.
Relevant HPCs in side-channel attack detection were found to mainly fall under hardware events and
hardware-cache events, while software events remained largely unaffected. High model accuracies for
XGBoost (99.99%) and Decision Trees (99.96%) were attained, indicating the feasibility of implementing
a lightweight and accurate solution for real-time detection in future studies.
Keywords: Side-channel Attacks, Micro-architectural Events, Hardware Performance Counters,
Embedded Systems, Flush+Reload |
| author2 |
Lam Siew Kei |
| author_facet |
Lam Siew Kei Chua, Penelope Hui Eng |
| format |
Final Year Project |
| author |
Chua, Penelope Hui Eng |
| author_sort |
Chua, Penelope Hui Eng |
| title |
Hardware-assisted malware detection for embedded systems |
| title_short |
Hardware-assisted malware detection for embedded systems |
| title_full |
Hardware-assisted malware detection for embedded systems |
| title_fullStr |
Hardware-assisted malware detection for embedded systems |
| title_full_unstemmed |
Hardware-assisted malware detection for embedded systems |
| title_sort |
hardware-assisted malware detection for embedded systems |
| publisher |
Nanyang Technological University |
| publishDate |
2022 |
| url |
https://hdl.handle.net/10356/162691 |
| _version_ |
1749179196901425152 |