Hardware-assisted Malware Detection for Securing Embedded Systems
dc.contributor.advisor | Basu, Kanad | |
dc.contributor.advisor | Tadesse, Yonas | |
dc.contributor.committeeMember | Bhatia, Dinesh | |
dc.contributor.committeeMember | Balsara, Poras | |
dc.contributor.committeeMember | Bennett, Terrell R | |
dc.creator | Kuruvila, Abraham Peedikayil | |
dc.date.accessioned | 2023-02-21T22:41:03Z | |
dc.date.available | 2023-02-21T22:41:03Z | |
dc.date.created | 2021-12 | |
dc.date.issued | 2021-12-01T06:00:00.000Z | |
dc.date.submitted | December 2021 | |
dc.date.updated | 2023-02-21T22:41:04Z | |
dc.description.abstract | In the era of the Internet of Things (IoT), Malware has been proliferating exponentially over the past decade. Traditional Anti-Virus Software (AVS) is ineffective against modern complex Malware. In order to address this challenge, researchers have proposed hardware-assisted Malware detection using Hardware Performance Counters (HPCs). The HPCs are used to train a set of Machine Learning (ML) classifiers, which are deployed as Hardware-assisted Malware Detectors (HMDs), and used to distinguish benign programs from Malware. Recently, adversarial attacks have been designed by introducing perturbations into HPC traces to misclassify a program for specific HPCs. The attacks function by inducing sleep and running dummy benign instructions to bolster the count of incurred HPCs. Furthermore, HPC-based techniques can suffer from a high false positive rate due to the similar executed instructions in both benign and malicious applications. Lastly, HPC-based detection can be infeasible in devices that do not possess HPCs or have limited profiling capabilities. This dissertation extends and explores various improvements to current HPC-based detection schemes in a multi-part operation. First, various different traditional ML classifiers are evaluated for HPC-based detection and this security is extended to automotive vehicles by securing an engine control unit from malicious attacks. Second, a Moving Target Defense (MTD) that dynamically changes the attack surface to jeopardize attackers’ endeavors, as well as Non-Differential HMDs (ND-HMDs), which use gradient-free classifiers, is developed. Third, tailor-made HPCs, which sample assembly instructions from an application’s dynamic trace, are introduced as a solution for devices without HPCs in addition to providing better fine-grain precision for reducing false positives.
Fourth, to further ameliorate the aforementioned problems, a Sequential Time Series-based Detection (SEQ-TSD) framework for identifying Malware is proposed that utilizes only a single HPC. Finally, an explainable HPC-based Malware technique that furnishes the location of the most malicious instruction is produced for providing human-readable results. | |
dc.format.mimetype | application/pdf | |
dc.identifier.uri | https://hdl.handle.net/10735.1/9605 | |
dc.language.iso | en | |
dc.subject | Computer Science | |
dc.subject | Engineering, Electronics and Electrical | |
dc.title | Hardware-assisted Malware Detection for Securing Embedded Systems | |
dc.type | Thesis | |
dc.type.material | text | |
thesis.degree.college | School of Engineering and Computer Science | |
thesis.degree.department | Computer Engineering | |
thesis.degree.grantor | The University of Texas at Dallas | |
thesis.degree.name | PHD |
Files
Original bundle
- Name: KURUVILA-PRIMARY-2022-1.pdf
- Size: 6.86 MB
- Format: Adobe Portable Document Format