SideGuard: Non-Invasive On-Chip Malware Detection in Heterogeneous IoT Systems by Leveraging Side-Channels

Cited by: 0
Authors
Arkannezhad, Fatemeh [1 ]
Aghanoury, Pooya [1 ]
Feng, Justin [1 ]
Khalili, Hossein [1 ]
Sehatbakhsh, Nader [1 ]
Affiliations
[1] Univ Calif Los Angeles, ECE Dept, SsysArch Lab, Los Angeles, CA 90095 USA
Source
PROCEEDINGS 45TH IEEE SYMPOSIUM ON SECURITY AND PRIVACY WORKSHOPS, SPW 2024 | 2024
Keywords
DOI
10.1109/SPW63631.2024.00030
Chinese Library Classification number
TP18 [Artificial intelligence theory];
Subject classification code
081104 ; 0812 ; 0835 ; 1405 ;
Abstract
As heterogeneous systems become more common and diverse in IoT and CPS settings, securing these systems against malware has become a daunting task. To combat this, real-time hardware and/or (hardware-)software malware detection has gained popularity. Hardware malware detectors are effective but often require invasive changes to the CPU, hence limiting their usefulness in diverse settings. Software methods are non-invasive but often come with large performance overheads and/or disruptions to the main functionality of the device. This study proposes SideGuard, a new, non-invasive approach for detecting malware by analyzing the system's internal power consumption. With a tailored power sensor, our method utilizes this measured power consumption signal as a stand-in for program behavior. It collects training data, understanding how signals should appear in different program sections during proper execution. It then monitors execution, identifying instances where the observed signal deviates from the expected ones. For monitoring, the crucial idea is to indirectly measure power using customized sensors on an embedded FPGA or co-processor common in modern heterogeneous IoT systems. Notably, the monitoring unit (e.g., embedded FPGA) doesn't need a direct CPU connection but simply shares the power source, offering a key advantage: the malware detection unit requires no CPU changes, resulting in zero performance, power, and area overhead for the main CPU. Implementing this idea requires addressing several new challenges compared to prior work. Specifically, we introduce a new software-signal processing co-design approach. Results show that our approach can achieve >95% accuracy in detecting real-world malware. As heterogeneous IoT systems become more common, we believe our method is a strong contender for securing future hardware systems.
Pages: 253-259
Number of pages: 7