Side-Channel Assisted Malware Classifier with Gradient Descent Correction for Embedded Platforms

Manaar Alam, Debdeep Mukhopadhyay, Sai Praveen Kadiyala, Siew Kei Lam, Thambipillai Srikanthan
unpublished
Malware detection is still one of the difficult problems in computer security because of the continual emergence of new varieties of malware programs. There has been an enormous effort in developing a generalised solution to this problem, but little has been done considering the security of resource-constrained embedded devices. In this paper, we attempt to develop a lightweight malware detection tool designed specifically for embedded platforms using micro-architectural side-channel information obtained through Hardware Performance Counters (HPCs). The methodology aims to develop a distance metric, called λ, for a given program from a benign set of programs which are expected to execute in the embedded environment. The distance metric is decided based on observations from carefully chosen features, which are tuples of high-level system calls along with low-level HPC events. An ideal λ-value for a malicious program is 1, as opposed to 0 for a benign program. However, in reality, the efficacy of λ in classifying malware largely depends on the proper assignment of weights to the features. We employ a gradient-descent based learning mechanism to determine optimal choices for these weights. We justify through experimental results on an embedded Linux running on an ARM processor that such a side-channel based learning mechanism improves the classification accuracy significantly compared to an ad-hoc selection of the weights, and leads to significantly lower false positives and false negatives in all our test cases.
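The abstract describes λ only in outline: a weighted measure of how far a program's (system call, HPC event) observations sit from a benign profile, with the weights learned by gradient descent rather than chosen by hand. The Python below is an added toy illustration, not code from the paper or its authors. It assumes four constructed feature tuples, synthetic benign and malicious counts, and one specific form of λ (a logistic function of the weighted standardised deviations from the benign profile); the real paper's λ formula, feature set and data are not given in the abstract, so all of those are assumptions. The point it shows is the one the abstract makes: equal ad-hoc weights produce many false positives on benign programs, while weights fitted by gradient descent on labelled samples separate the two classes on held-out data.

```python
"""Toy lambda-style scorer with gradient-descent weight fitting.

Illustrative model only (assumed form of lambda, constructed data); it is not
the paper's implementation. Pure Python so it runs without extra packages.
"""
import math
import random

# Constructed feature names: (system call, HPC event) tuples, as in the abstract.
FEATURES = [
    ("read", "L1-dcache-load-misses"),
    ("write", "branch-misses"),
    ("mmap", "instructions"),
    ("open", "cache-references"),
]


def make_dataset(seed=7, n_benign=40, n_malicious=40):
    """Constructed samples. Benign programs cluster around one profile; the
    hypothetical malware deviates strongly on the 2nd and 4th features."""
    rng = random.Random(seed)
    benign = [[rng.gauss(100, 10), rng.gauss(50, 5), rng.gauss(200, 20), rng.gauss(80, 8)]
              for _ in range(n_benign)]
    malicious = [[rng.gauss(100, 12), rng.gauss(90, 8), rng.gauss(200, 25), rng.gauss(150, 15)]
                 for _ in range(n_malicious)]
    return benign, malicious


def benign_profile(benign):
    """Per-feature mean and standard deviation of the benign reference set."""
    n, k = len(benign), len(FEATURES)
    means = [sum(s[i] for s in benign) / n for i in range(k)]
    stds = [math.sqrt(sum((s[i] - means[i]) ** 2 for s in benign) / n) for i in range(k)]
    return means, stds


def deviations(sample, means, stds):
    """Standardised absolute deviation of each feature from the benign profile."""
    return [abs(sample[i] - means[i]) / stds[i] for i in range(len(FEATURES))]


def lam(sample, weights, bias, means, stds):
    """Assumed lambda: logistic of the weighted deviation sum, in (0, 1).
    0 means 'looks like the benign set', 1 means 'far from it'."""
    z = bias + sum(w * d for w, d in zip(weights, deviations(sample, means, stds)))
    z = max(-60.0, min(60.0, z))  # guard math.exp against overflow
    return 1.0 / (1.0 + math.exp(-z))


def train(benign, malicious, means, stds, lr=0.05, epochs=300):
    """Batch gradient descent on logistic loss; returns (weights, bias)."""
    data = [(s, 0.0) for s in benign] + [(s, 1.0) for s in malicious]
    weights, bias = [0.0] * len(FEATURES), 0.0
    for _ in range(epochs):
        grad_w, grad_b = [0.0] * len(FEATURES), 0.0
        for sample, label in data:
            err = lam(sample, weights, bias, means, stds) - label  # dLoss/dz
            for i, d in enumerate(deviations(sample, means, stds)):
                grad_w[i] += err * d
            grad_b += err
        n = len(data)
        weights = [w - lr * g / n for w, g in zip(weights, grad_w)]
        bias -= lr * grad_b / n
    return weights, bias


def evaluate(labelled, weights, bias, means, stds, threshold=0.5):
    """Return (false_positives, false_negatives) at the given lambda threshold."""
    fp = fn = 0
    for sample, label in labelled:
        flagged = lam(sample, weights, bias, means, stds) >= threshold
        if flagged and label == 0.0:
            fp += 1
        if not flagged and label == 1.0:
            fn += 1
    return fp, fn


def compare(seed=7):
    """Fit on one constructed set, score a held-out set drawn with another seed.
    Returns ((fp, fn) for ad-hoc equal weights, (fp, fn) for learned weights)."""
    train_benign, train_malicious = make_dataset(seed)
    means, stds = benign_profile(train_benign)
    test_benign, test_malicious = make_dataset(seed + 1)
    held_out = [(s, 0.0) for s in test_benign] + [(s, 1.0) for s in test_malicious]
    # Ad-hoc choice: every feature weighted 1, fixed bias; no learning involved.
    adhoc = evaluate(held_out, [1.0] * len(FEATURES), -2.0, means, stds)
    weights, bias = train(train_benign, train_malicious, means, stds)
    learned = evaluate(held_out, weights, bias, means, stds)
    return adhoc, learned


if __name__ == "__main__":
    adhoc, learned = compare()
    print("ad-hoc weights  (FP, FN):", adhoc)
    print("learned weights (FP, FN):", learned)
```

The ad-hoc scorer flags most benign programs because four half-normal deviations sum to roughly 3 even for a perfectly ordinary program, which a fixed bias of −2 does not absorb; the fitted weights concentrate on the two features that actually separate the classes and push the bias down, which is the correction the abstract credits to gradient descent. On a real device the feature tuples would come from a syscall trace joined with `perf`-style HPC readings, and the benign profile from the workload expected on that platform.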
doi:10.29007/5sdj fatcat:iudhpjn7r5hwzn42hsmbvi6xle