Detection of Malicious Threats Exploiting Clock-Gating Hardware Using Machine Learning-Reference-Cited by-同舟云学术

Detection of Malicious Threats Exploiting Clock-Gating Hardware Using Machine Learning

Published:2024-02-02 Issue:3 Volume:24 Page:983
ISSN:1424-8220
Container-title:Sensors
language:en
Short-container-title:Sensors

Author:

Kose Nuri Alperen¹^ORCID,Jinad Razaq¹,Rasheed Amar¹,Shashidhar Narasimha¹,Baza Mohamed²^ORCID,Alshahrani Hani³^ORCID

Affiliation:

1. Department of Computer Science, Sam Houston State University, Huntsville, TX 77340, USA

2. Department of Computer Science, College of Charleston, Charleston, SC 29424, USA

3. Department of Computer Science, College of Computer Science and Information Systems, Najran University, Najran 61441, Saudi Arabia

Abstract

Embedded system technologies are increasingly being incorporated into manufacturing, smart grid, industrial control systems, and transportation systems. However, the vast majority of today’s embedded platforms lack the support of built-in security features which makes such systems highly vulnerable to a wide range of cyber-attacks. Specifically, they are vulnerable to malware injection code that targets the power distribution system of an ARM Cortex-M-based microcontroller chipset (ARM, Cambridge, UK). Through hardware exploitation of the clock-gating distribution system, an attacker is capable of disabling/activating various subsystems on the chip, compromising the reliability of the system during normal operation. This paper proposes the development of an Intrusion Detection System (IDS) capable of detecting clock-gating malware deployed on ARM Cortex-M-based embedded systems. To enhance the robustness and effectiveness of our approach, we fully implemented, tested, and compared six IDSs, each employing different methodologies. These include IDSs based on K-Nearest Classifier, Random Forest, Logistic Regression, Decision Tree, Naive Bayes, and Stochastic Gradient Descent. Each of these IDSs was designed to identify and categorize various variants of clock-gating malware deployed on the system. We have analyzed the performance of these IDSs in terms of detection accuracy against various types of clock-gating malware injection code. Power consumption data collected from the chipset during normal operation and malware code injection attacks were used for models’ training and validation. Our simulation results showed that the proposed IDSs, particularly those based on K-Nearest Classifier and Logistic Regression, were capable of achieving high detection rates, with some reaching a detection rate of 0.99. These results underscore the effectiveness of our IDSs in protecting ARM Cortex-M-based embedded systems against clock-gating malware.

Funder

Najran University

Publisher

MDPI AG

Link

https://www.mdpi.com/1424-8220/24/3/983/pdf

Reference34 articles.

1. Rasheed, A.A., Varol, H., and Baza, M. (2021, January 28–29). Clock-gating-Assisted Malware (CGAM): Leveraging Clock-Gating on ARM Cortex M for Attacking Subsystems Availability. Proceedings of the 2021 9th International Symposium on Digital Forensics and Security (ISDFS), Elazig, Turkey.

2. Stateless Malware Packet Detection by Incorporating Naive Bayes with Known Malware Signatures;Ismail;Appl. Comput. Intell. Soft Comput.,2014

3. Bace, R., and Mell, P. (2001). Intrusion Detection Systems, National Institute of Standards and Technology (NIST). Technical Report 800-31.

4. Stavroulakis, P., and Stamp, M. (2010). Handbook of Information and Communication Security, Springer Science & Business Media.

5. Rasheed, A., Baza, M., Khan, M., Karpoor, N., Varol, C., and Srivastava, G. (2023, January 19–22). Using Authenticated Encryption for Securing Controller Area Networks in Autonomous Mobile Platforms. Proceedings of the 2023 26th International Symposium On Wireless Personal Multimedia Communications (WPMC), Tampa, FL, USA.