Abstract
Due to the popularization of Internet of Things (IoT) devices, numerous and varied devices have been connected to the Internet. While various devices, including home appliances, operate via the Internet, attacks targeting many IoT devices are increasing because vulnerabilities exist in them. Furthermore, introducing a security mechanism as software is difficult because these devices have few hardware resources. Therefore, a security mechanism that does not consume hardware resources such as CPU and memory is required. We propose a malware detection mechanism using values extracted from the processor. By using the processor information, we aim to offload the malware detection mechanism to hardware and to suppress the consumption of hardware resources. In this paper, we implemented a prototype of our proposed mechanism using QEMU, which is a virtual machine. We show that our proposed mechanism can classify programs as malware or benign by using the processor information, as well as detect malware variants belonging to the same family.
Notes
In this paper, we set the threshold to 80% based on our experimental results.
Acknowledgements
A part of this research was supported by JSPS KAKENHI Grant Numbers 17K00076 and 16K00071.
Appendix A: malware list
Table 12 shows a list of malware used for our evaluation in this paper.
Cite this article
Takase, H., Kobayashi, R., Kato, M. et al. A prototype implementation and evaluation of the malware detection mechanism for IoT devices using the processor information. Int. J. Inf. Secur. 19, 71–81 (2020). https://doi.org/10.1007/s10207-019-00437-y
DOI: https://doi.org/10.1007/s10207-019-00437-y