Abstract
Machine learning-based hardware malware detectors (HMDs) offer a potentially game-changing advantage in defending systems against malware. However, HMDs suffer from adversarial attacks: they can be effectively reverse-engineered and subsequently evaded, allowing malware to hide from detection. We address this issue by proposing novel HMDs (Stochastic-HMDs), which leverage approximate computing (AC) to harden HMDs against adversarial evasion attacks. Stochastic-HMDs introduce stochastic noise into the computations within the model to build an efficient and low-cost moving-target defense. Specifically, we use controlled undervolting, i.e., scaling the supply voltage below the nominal level, to deliberately induce stochastic timing violations in the HMDs' computations during inference (detection). We show that such a technique makes HMDs more resilient to adversarial attacks, especially to reverse-engineering and transferability. Our thorough empirical results substantiate that Stochastic-HMDs offer an effective defense against adversarial attacks along with by-product power savings, without requiring any changes to the hardware/software or to the HMDs' model, i.e., no retraining or fine-tuning is needed. In particular, Stochastic-HMDs can detect more than 94% of the evasive malware with a negligible (i.e., < 2%) accuracy loss, along with ~15% power savings.
Original language | English |
---|---|
Title of host publication | 2023 60th ACM/IEEE Design Automation Conference, DAC 2023: proceedings |
Publisher | Institute of Electrical and Electronics Engineers Inc. |
Number of pages | 6 |
ISBN (Electronic) | 9798350323481 |
ISBN (Print) | 9798350323498 |
Publication status | Published - 15 Sept 2023 |
Event | 60th ACM/IEEE Design Automation Conference, DAC 2023 - San Francisco, United States; Duration: 09 Jul 2023 → 13 Jul 2023 |
Publication series
Name | Proceedings - Design Automation Conference |
---|---|
Volume | 2023-July |
ISSN (Print) | 0738-100X |
Conference
Conference | 60th ACM/IEEE Design Automation Conference, DAC 2023 |
---|---|
Country/Territory | United States |
City | San Francisco |
Period | 09/07/2023 → 13/07/2023 |
Bibliographical note
Publisher Copyright: © 2023 IEEE.
Keywords
- Adversarial Attack
- HMD
- Undervolting
ASJC Scopus subject areas
- Computer Science Applications
- Control and Systems Engineering
- Electrical and Electronic Engineering
- Modelling and Simulation