TY - GEN
T1 - A brain-inspired approach for malware detection using sub-semantic hardware features
AU - Parsa, Maryam
AU - Khasawneh, Khaled N.
AU - Alouani, Ihsen
PY - 2023/6/5
Y1 - 2023/6/5
N2 - Despite significant efforts to enhance the resilience of computer systems against malware attacks, the abundance of exploitable vulnerabilities remains a significant challenge. While preventing compromises is difficult, traditional signature-based static analysis techniques are susceptible to bypassing through metamorphic/polymorphic malware or zero-day exploits. Dynamic detection techniques, particularly those utilizing machine learning (ML), have the potential to identify previously unseen signatures by monitoring program behavior. However, classical ML models are power and resource intensive and may not be suitable for devices with limited budgets. This constraint creates a challenging tradeoff between security and resource utilization, which cannot be fully addressed through model compression and pruning. In contrast, neuromorphic architectures offer a promising solution for low-power brain-inspired systems. In this work, we explore the novel use of neuromorphic architectures for malware detection. We accomplish this by encoding sub-semantic micro-architecture level features in the spiking domain and proposing a Spiking Neural Network (SNN) architecture for hardware-aware malware detection. Our results demonstrate promising malware detection performance with an 89% F1-score. Ultimately, this work advocates that neuromorphic architectures, due to their low power consumption, represent a promising candidate for malware detection, especially for energy-constrained processors in IoT and Edge devices.
U2 - 10.1145/3583781.3590293
DO - 10.1145/3583781.3590293
M3 - Conference contribution
SN - 979840070125
T3 - Proceedings of the Great Lakes Symposium on VLSI
SP - 139
EP - 142
BT - GLSVLSI '23: Proceedings of the Great Lakes Symposium on VLSI 2023
PB - Association for Computing Machinery
T2 - GLSVLSI '23: Great Lakes Symposium on VLSI 2023
Y2 - 5 June 2023 through 7 June 2023
ER -