Please use this identifier to cite or link to this item:
Title: Hardware assisted malware detection for embedded systems
Authors: Nur Insyirah Lukeman
Keywords: Engineering::Computer science and engineering
Issue Date: 2022
Publisher: Nanyang Technological University
Source: Nur Insyirah Lukeman (2022). Hardware assisted malware detection for embedded systems. Final Year Project (FYP), Nanyang Technological University, Singapore.
Project: SCSE21-0003
Abstract: Detection of malicious software (malware) has been a challenging issue over the past years due to the increase of security threats. While there were many methods attempted to tackle this problem, little efforts are made to tackle security in embedded systems. Commercial anti-virus programs do not serve as a solution as this approach is unable to deliver the necessary security protection for these systems and may not be effective. As such, several researchers have attempted to develop tools for malware detection on the hardware level. In this paper, we aim to propose a lightweight malware detection tool using hardware performance counters (HPC) as a form of protection against malware for embedded systems. HPC provides a high-level abstraction layer that have been used to collect, monitor, and measure various system data, as well as examine resource usage. This approach aims to exploit HPC on ARM-based embedded systems and perform analysis as well as identify any malicious behaviour from its intended behaviour. The tool is designed to extract and differentiate the HPC data into two sets, malware and benign. The collection of HPC data comes from selected operating systems programs when any malware or benign programs are running in the embedded systems. Through a statistical approach, these HPC values are analysed and a distance metric, denoted as λ is used to evaluate if program running is its intended benign behaviour. With the historical data obtained, we perform an offline testing and implemented this malware detection methodology on a NVIDIA® Jetson Xavier™ NX Development Board operating on embedded Linux and Desay SV Automotive third-generation Intelligent Processing Unit (IPU-03) operating on QNX. Lastly, we propose a windowing technique to capture malware detection which centres on collection of the HPC data and evaluation of λ-value of the system at specific intervals continuously.
Fulltext Permission: restricted
Fulltext Availability: With Fulltext
Appears in Collections:SCSE Student Reports (FYP/IA/PA/PI)

Files in This Item:
File Description SizeFormat 
SCSE21-0003_FYP-Final Report_U1922993E.pdf
  Restricted Access
2.15 MBAdobe PDFView/Open

Page view(s)

Updated on May 16, 2022

Google ScholarTM


Items in DR-NTU are protected by copyright, with all rights reserved, unless otherwise indicated.