Date of Award

Fall 2023

Document Type

Dissertation

Degree Name

Doctor of Philosophy (PhD)

Department

Computer Science

Committee Director

Danella Zhao

Committee Director

Rui Ning

Committee Member

Stephan Olariu

Committee Member

Yaohang Li

Abstract

Over the past few years, there has been a substantial increase in cyberattacks targeting Internet of Things (IoT) devices, encompassing threats such as botnets, ransomware, and trojans. Designing an effective solution for malware detection in IoT devices is particularly challenging due to their inherently limited resources and diverse architectures. Conventional malware detection methods, such as signature-based detection, rely on large servers for deployment and prove impractical under the resource constraints of IoT devices. Furthermore, newly evolved malware variants have intensified this dilemma, such as malware exhibiting advanced stealthy behaviors or exploiting zero-day vulnerabilities. Therefore, addressing this critical issue requires not only the development of an effective approach capable of detecting sophisticated malware but also a resource-efficient detection solution tailored to the unique constraints of IoT environments. In this dissertation work, we have delved into and examined the potential and capabilities of employing dedicated side-channel analysis, coupled with deep learning techniques, to design a SecureDeep accelerator for malware detection. Initially, we designed an on-device malware detection engine utilizing side-channel data, specifically CPU power fingerprinting, and developed a lightweight deep learning model featuring depthwise separable convolution layers to achieve efficient real-time detection. Subsequently, we introduced a novel fine-grained power side-channel analysis to further address malware variant detection. Unlike conventional methods, our fine-grained analysis enables detection by learning the features shared between existing and unknown malware, thereby enabling the detection of zero-day malware by filtering out the irrelevant features.
Finally, we shift our focus from power to hardware performance counters (HPCs), which offer multi-channel insights into CPU behaviors with over 50 different event types, compared to the previous single-channel power data. We introduce a core innovative concept of "diversifying the HPC data to maximize the information of feature extraction" to greatly improve the detection performance. Leveraging this innovation, we design a detection engine by introducing a variable-length entropy analysis to achieve the detection of stealthy malware. As a result, the SecureDeep detection accelerator has demonstrated effective on-device real-time detection against both zero-day and stealthy malware.

Rights

In Copyright. URI: http://rightsstatements.org/vocab/InC/1.0/ This Item is protected by copyright and/or related rights. You are free to use this Item in any way that is permitted by the copyright and related rights legislation that applies to your use. For other uses you need to obtain permission from the rights-holder(s).

DOI

10.25777/jhs5-db32

ISBN

9798381449167