TPE-Det:通过硬件痕迹分析对抗物联网恶意软件的防篡改外部探测器

IF 2.7 3区 计算机科学 Q2 COMPUTER SCIENCE, HARDWARE & ARCHITECTURE
Ziming Zhao;Zhaoxuan Li;Tingting Li;Fan Zhang
{"title":"TPE-Det:通过硬件痕迹分析对抗物联网恶意软件的防篡改外部探测器","authors":"Ziming Zhao;Zhaoxuan Li;Tingting Li;Fan Zhang","doi":"10.1109/TCAD.2024.3444712","DOIUrl":null,"url":null,"abstract":"With the widespread use of Internet of Things (IoT) devices, malware detection has become a hot spot for both academic and industrial communities. A series of solutions based on system calls, system logs, or hardware performance counters achieve promising results. However, such internal monitors are easily tampered with, especially against adaptive adversaries. In addition, existing system log records typically exhibit substantial volume, resulting in data explosion problems. In this article, we present TPE-Det, a side-channel-based external monitor to cope with these issues. Specifically, TPE-Det leverages the serial peripheral interface bus to extract the on-chip traces and designs a recovery pipeline for operating logs. The advantages of this external monitor are adversary-unperceived and tamper-proof. The restored logs mainly include file operation commands, which are lightweight compared to complete records. Meanwhile, we deploy a series of machine learning models with respect to statistical, sequence, and graph features to identify malware. Empirical evaluation shows that our proposal has tamper-proof capability, high-detection accuracy, and low-time/space overhead compared to state-of-the-art methods.","PeriodicalId":13251,"journal":{"name":"IEEE Transactions on Computer-Aided Design of Integrated Circuits and Systems","volume":"43 11","pages":"3455-3466"},"PeriodicalIF":2.7000,"publicationDate":"2024-11-06","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":"{\"title\":\"TPE-Det: A Tamper-Proof External Detector via Hardware Traces Analysis Against IoT Malware\",\"authors\":\"Ziming Zhao;Zhaoxuan Li;Tingting Li;Fan Zhang\",\"doi\":\"10.1109/TCAD.2024.3444712\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"With the widespread use of Internet of Things (IoT) devices, malware detection has become a hot spot for both academic and industrial communities. A series of solutions based on system calls, system logs, or hardware performance counters achieve promising results. However, such internal monitors are easily tampered with, especially against adaptive adversaries. In addition, existing system log records typically exhibit substantial volume, resulting in data explosion problems. In this article, we present TPE-Det, a side-channel-based external monitor to cope with these issues. Specifically, TPE-Det leverages the serial peripheral interface bus to extract the on-chip traces and designs a recovery pipeline for operating logs. The advantages of this external monitor are adversary-unperceived and tamper-proof. The restored logs mainly include file operation commands, which are lightweight compared to complete records. Meanwhile, we deploy a series of machine learning models with respect to statistical, sequence, and graph features to identify malware. Empirical evaluation shows that our proposal has tamper-proof capability, high-detection accuracy, and low-time/space overhead compared to state-of-the-art methods.\",\"PeriodicalId\":13251,\"journal\":{\"name\":\"IEEE Transactions on Computer-Aided Design of Integrated Circuits and Systems\",\"volume\":\"43 11\",\"pages\":\"3455-3466\"},\"PeriodicalIF\":2.7000,\"publicationDate\":\"2024-11-06\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"0\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"IEEE Transactions on Computer-Aided Design of Integrated Circuits and Systems\",\"FirstCategoryId\":\"94\",\"ListUrlMain\":\"https://ieeexplore.ieee.org/document/10745786/\",\"RegionNum\":3,\"RegionCategory\":\"计算机科学\",\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"Q2\",\"JCRName\":\"COMPUTER SCIENCE, HARDWARE & ARCHITECTURE\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"IEEE Transactions on Computer-Aided Design of Integrated Circuits and Systems","FirstCategoryId":"94","ListUrlMain":"https://ieeexplore.ieee.org/document/10745786/","RegionNum":3,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q2","JCRName":"COMPUTER SCIENCE, HARDWARE & ARCHITECTURE","Score":null,"Total":0}
引用次数: 0

摘要

随着物联网(IoT)设备的广泛使用,恶意软件检测已成为学术界和工业界的热点。一系列基于系统调用、系统日志或硬件性能计数器的解决方案取得了可喜的成果。然而,这些内部监控器很容易被篡改,尤其是面对自适应对手时。此外,现有的系统日志记录通常数量巨大,会导致数据爆炸问题。在本文中,我们将介绍一种基于侧信道的外部监控器 TPE-Det,以解决这些问题。具体来说,TPE-Det 利用串行外设接口总线提取片上痕迹,并为运行日志设计了一个恢复管道。这种外部监控器的优点是对手无法察觉和防篡改。恢复的日志主要包括文件操作命令,与完整的记录相比非常轻量级。同时,我们在统计、序列和图特征方面部署了一系列机器学习模型来识别恶意软件。经验评估表明,与最先进的方法相比,我们的建议具有防篡改能力、高检测准确性和低时间/空间开销。
本文章由计算机程序翻译,如有差异,请以英文原文为准。
TPE-Det: A Tamper-Proof External Detector via Hardware Traces Analysis Against IoT Malware
With the widespread use of Internet of Things (IoT) devices, malware detection has become a hot spot for both academic and industrial communities. A series of solutions based on system calls, system logs, or hardware performance counters achieve promising results. However, such internal monitors are easily tampered with, especially against adaptive adversaries. In addition, existing system log records typically exhibit substantial volume, resulting in data explosion problems. In this article, we present TPE-Det, a side-channel-based external monitor to cope with these issues. Specifically, TPE-Det leverages the serial peripheral interface bus to extract the on-chip traces and designs a recovery pipeline for operating logs. The advantages of this external monitor are adversary-unperceived and tamper-proof. The restored logs mainly include file operation commands, which are lightweight compared to complete records. Meanwhile, we deploy a series of machine learning models with respect to statistical, sequence, and graph features to identify malware. Empirical evaluation shows that our proposal has tamper-proof capability, high-detection accuracy, and low-time/space overhead compared to state-of-the-art methods.
求助全文
通过发布文献求助,成功后即可免费获取论文全文。 去求助
来源期刊
CiteScore
5.60
自引率
13.80%
发文量
500
审稿时长
7 months
期刊介绍: The purpose of this Transactions is to publish papers of interest to individuals in the area of computer-aided design of integrated circuits and systems composed of analog, digital, mixed-signal, optical, or microwave components. The aids include methods, models, algorithms, and man-machine interfaces for system-level, physical and logical design including: planning, synthesis, partitioning, modeling, simulation, layout, verification, testing, hardware-software co-design and documentation of integrated circuit and system designs of all complexities. Design tools and techniques for evaluating and designing integrated circuits and systems for metrics such as performance, power, reliability, testability, and security are a focus.
×
引用
GB/T 7714-2015
复制
MLA
复制
APA
复制
导出至
BibTeX EndNote RefMan NoteFirst NoteExpress
×
提示
您的信息不完整,为了账户安全,请先补充。
现在去补充
×
提示
您因"违规操作"
具体请查看互助需知
我知道了
×
提示
确定
请完成安全验证×
copy
已复制链接
快去分享给好友吧!
我知道了
右上角分享
点击右上角分享
0
联系我们:info@booksci.cn Book学术提供免费学术资源搜索服务,方便国内外学者检索中英文文献。致力于提供最便捷和优质的服务体验。 Copyright © 2023 布克学术 All rights reserved.
京ICP备2023020795号-1
ghs 京公网安备 11010802042870号
Book学术文献互助
Book学术文献互助群
群 号:481959085
Book学术官方微信