Detection of Malicious Threats Exploiting Clock-Gating Hardware Using Machine Learning

Cited by: 1
Authors
Kose, Nuri Alperen [1]
Jinad, Razaq [1]
Rasheed, Amar [1]
Shashidhar, Narasimha [1]
Baza, Mohamed [2]
Alshahrani, Hani [3]
Affiliations
[1] Sam Houston State Univ, Dept Comp Sci, Huntsville, TX 77340 USA
[2] Coll Charleston, Dept Comp Sci, Charleston, SC 29424 USA
[3] Najran Univ, Coll Comp Sci & Informat Syst, Dept Comp Sci, Najran 61441, Saudi Arabia
Keywords
malware; embedded systems; machine learning; intrusion detection; ARM cortex
DOI
10.3390/s24030983
Chinese Library Classification number
O65 [Analytical Chemistry]
Discipline classification codes
070302; 081704
Abstract
Embedded system technologies are increasingly being incorporated into manufacturing, smart grid, industrial control systems, and transportation systems. However, the vast majority of today's embedded platforms lack the support of built-in security features, which makes such systems highly vulnerable to a wide range of cyber-attacks. Specifically, they are vulnerable to malware injection code that targets the power distribution system of an ARM Cortex-M-based microcontroller chipset (ARM, Cambridge, UK). Through hardware exploitation of the clock-gating distribution system, an attacker is capable of disabling/activating various subsystems on the chip, compromising the reliability of the system during normal operation. This paper proposes the development of an Intrusion Detection System (IDS) capable of detecting clock-gating malware deployed on ARM Cortex-M-based embedded systems. To enhance the robustness and effectiveness of our approach, we fully implemented, tested, and compared six IDSs, each employing different methodologies. These include IDSs based on K-Nearest Classifier, Random Forest, Logistic Regression, Decision Tree, Naive Bayes, and Stochastic Gradient Descent. Each of these IDSs was designed to identify and categorize various variants of clock-gating malware deployed on the system. We have analyzed the performance of these IDSs in terms of detection accuracy against various types of clock-gating malware injection code. Power consumption data collected from the chipset during normal operation and malware code injection attacks were used for models' training and validation. Our simulation results showed that the proposed IDSs, particularly those based on K-Nearest Classifier and Logistic Regression, were capable of achieving high detection rates, with some reaching a detection rate of 0.99. These results underscore the effectiveness of our IDSs in protecting ARM Cortex-M-based embedded systems against clock-gating malware.
Pages: 21