Updatable Decision Tree in Malware Detection Hardware Using Processor Information

Recently, IoT devices are increasingly used in many fields. Accordingly, many cyber attacks targeted IoT devices such as malware Mirai. However, it is difficult to install anti-malware applications to IoT devices due to having few computer resources. The previous research addresses this problem by creating a mechanism that utilizes machine learning on processor information obtained from CPU to distinguish malware. The mechanism was created using a random forest. Additionally, the mechanism is implemented in hardware to determine whether the program running on the CPU is malware. However, the mechanism has a fixed learning data for the classifier. Thus, there is an issue where it cannot correctly determine malware when a new malware emerges or when significant changes are made to firmware. Therefore, we suggest and make a mechanism to rewrite learning data inside the classifier from outside it in this study and simulate the mechanism.