ZeroD-fender: A Resource-aware IoT Malware Detection Engine via Fine-grained Side-channel Analysis-Reference-Cited by-同舟云学术

ZeroD-fender: A Resource-aware IoT Malware Detection Engine via Fine-grained Side-channel Analysis

Published:2024-08-24 Issue: Volume: Page:
ISSN:1084-4309
Container-title:ACM Transactions on Design Automation of Electronic Systems
language:en
Short-container-title:ACM Trans. Des. Autom. Electron. Syst.

Author:

li zhuoran¹^ORCID,Zhao Danella¹^ORCID

Affiliation:

1. Electrical and Computer Engineering, University of Arizona, Tucson, United States

Abstract

In early 2023, cyberattacks experienced a significant rise due to unknown (zero-day) malware targeting Internet of Things (IoT) devices. To tackle the challenge of zero-day detection within a highly resource-constrained IoT environment, we propose a novel design that utilizes fine-grained power side-channel analysis with deep learning techniques. Our approach introduces an innovative concept called “multiscale feature extraction” to identify the most representative malware features across diverse architectures, thereby enhancing deep learning-based detection performance against zero-day malware. Specifically, we employ a fine-grained power side-channel analysis of over 120,000 honeypot-collected malware files across a hierarchy of commands , functions , and modules to identify the unique zero-day malware behaviors. With these identified features to train our model, ZeroD-fender’s performance in detecting zero-day malware has significantly improved. In pursuit of on-device detection, we present a resource-aware online inference customization framework. This framework features our lightweight network, ThingNetV2, which uses specialized 1-D depthwise separable convolution paired with h-swish activation, leading to significant resource savings. By applying the fine-grained power analysis, ZeroD-fender demonstrates a detection rate of 95.88% across various architecture zero-day malware, achieving detection speeds ranging between 16.083 ms and 23.961 ms , depending on the specific scenario.

Publisher

Association for Computing Machinery (ACM)

Link

https://dl.acm.org/doi/pdf/10.1145/3687482

Reference44 articles.

1. Manaar Alam, Sayan Sinha, Sarani Bhattacharya, Swastika Dutta, Debdeep Mukhopadhyay, and Anupam Chattopadhyay. 2020. Rapper: Ransomware prevention via performance counters. arXiv preprint arXiv:2004.01712(2020).

2. Fahd Alhaidari, Nouran Abu Shaib, Maram Alsafi, Haneen Alharbi, Majd Alawami, Reem Aljindan, Atta-ur Rahman, Rachid Zagrouba, et al. 2022. ZeVigilante: detecting zero-day malware using machine learning and sandboxing analysis techniques. Computational Intelligence and Neuroscience 2022 (2022).

3. Manos Antonakakis, Tim April, Michael Bailey, Matthew Bernhard, Elie Bursztein, Jaime Cochran, Zakir Durumeric, J. Alex Halderman, Luca Invernizzi, Michalis Kallitsis, Deepak Kumar, Chaz Lever, Zane Ma, Joshua Mason, Damian Menscher, Chad Seaman, Nick Sullivan, Kurt Thomas, and Yi Zhou. 2017. Understanding the Mirai Botnet. In Proceedings of the 26th USENIX Conference on Security Symposium. 1093–1110.

4. Side-channel security of superscalar CPUs : Evaluating the Impact of Micro-architectural Features

5. A Theoretical Study of Hardware Performance Counters-Based Malware Detection