LAMBDA: Lightweight assessment of malware for emBeddeD architectures

Sai Praveen Kadiyala, Manaar Alam, Yash Shrivastava, Sikhar Patranabis, Muhamed Fauzi Bin Abbas, Arnab Kumar Biswas, Debdeep Mukhopadhyay, Thambipillai Srikanthan

Research output: Contribution to journal, Article, peer-review

8 Citations (Scopus)

Abstract

Security is a critical aspect of many of the latest embedded and IoT systems. Malware is one of the most severe security threats to such devices. There have been enormous efforts in malware detection and analysis; however, occurrences of newer varieties of malicious code prove that it is an extremely difficult problem given the nature of these surreptitious codes. In this article, instead of addressing a general solution, we aim at malware detection for platforms that have more than one core for performance enhancement. We investigate the utility of multiple cores from the point of view of security, where one of the cores operates as a watchdog. We define a new metric called LAMBDA (Lightweight Assessment of Malware for emBeddeD Architectures), denoted by λ, indicating a conceptual boundary between the programs that are allowed to run on a given platform and the codes that are suspected to be malware. The metric λ is computed using carefully chosen monitors or features, which are tuples of high-level programs representing OS resources, along with low-level hardware performance counters. In comparison to heavy-weight machine learning techniques, we use online hypothesis testing, in the form of a t-test, to classify a given program-under-test. For applications where security is of prime concern, we propose an additional step based on multivariate analysis to classify, with a high degree of confidence, the unknown programs that are closer to the threshold. We present experimental results focusing on an ARM-based platform which validate that the proposed approach provides a lightweight, accurate assessment of malware codes for embedded platforms. In addition, we present a security analysis to show the difficulty of a mimicry attack attempting to bypass LAMBDA.
Original language: English
Pages (from-to): 1-31
Journal: ACM Transactions on Embedded Computing Systems
Volume: 19
Issue number: 4
Early online date: 21 Jun 2020
Publication status: Published - 01 Jul 2020
Externally published: Yes

Bibliographical note

Publisher Copyright:
© 2020 ACM.

Keywords

  • embedded systems
  • hardware performance counters
  • hypothesis testing
  • Malware detection

ASJC Scopus subject areas

  • Software
  • Hardware and Architecture
