2020
Kuruvila, Abraham Peedikayil; Kundu, Shamik; Basu, Kanad
Defending Hardware-based Malware Detectors against Adversarial Attacks Journal Article
In: arXiv preprint arXiv:2005.03644, 2020.
Tags: Attack Resilience
@article{Kuruvila2020b,
title = {Defending Hardware-based Malware Detectors against Adversarial Attacks},
author = {Abraham Peedikayil Kuruvila and Shamik Kundu and Kanad Basu},
url = {https://arxiv.org/pdf/2005.03644.pdf},
year = {2020},
date = {2020-01-01},
journal = {arXiv preprint arXiv:2005.03644},
abstract = {In the era of Internet of Things (IoT), Malware has been proliferating exponentially over the past decade. Traditional anti-virus software is ineffective against modern complex Malware. In order to address this challenge, researchers have proposed Hardware-assisted Malware Detection (HMD) using Hardware Performance Counters (HPCs). The HPCs are used to train a set of Machine learning (ML) classifiers, which, in turn, are used to distinguish benign programs from Malware. Recently, adversarial attacks have been designed by introducing perturbations in the HPC traces using an adversarial sample predictor to misclassify a program for specific HPCs. These attacks are designed with the basic assumption that the attacker is aware of the HPCs being used to detect Malware. Since modern processors consist of hundreds of HPCs, restricting to only a few of them for Malware detection aids the attacker. In this paper, we propose a Moving target defense (MTD) for this adversarial attack by designing multiple ML classifiers trained on different sets of HPCs. The MTD randomly selects a classifier; thus, confusing the attacker about the HPCs or the number of classifiers applied. We have developed an analytical model which proves that the probability of an attacker guessing the perfect HPC-classifier combination for MTD is extremely low (in the range of 10^-1864 for a system with 20 HPCs). Our experimental results prove that the proposed defense is able to improve the classification accuracy of HPC traces that have been modified through an adversarial sample generator by up to 31.5%, for a near perfect (99.4%) restoration of the original accuracy.},
keywords = {Attack Resilience},
pubstate = {published},
tppubtype = {article}
}
Santikellur, Pranesh; Chakraborty, Rajat Subhra
A Computationally Efficient Tensor Regression Network based Modeling Attack on XOR Arbiter PUF and its Variants Journal Article
In: IEEE Transactions on Computer-Aided Design of Integrated Circuits and Systems, pp. 1-1, 2020, ISSN: 1937-4151.
Tags: Attack Resilience
@article{Santikellur2020Computb,
title = {A Computationally Efficient Tensor Regression Network based Modeling Attack on XOR Arbiter PUF and its Variants},
author = {Pranesh Santikellur and Rajat Subhra Chakraborty},
doi = {10.1109/TCAD.2020.3032624},
issn = {1937-4151},
year = {2020},
date = {2020-01-01},
journal = {IEEE Transactions on Computer-Aided Design of Integrated Circuits and Systems},
pages = {1-1},
abstract = {XOR Arbiter PUF (XOR APUF), where the outputs of multiple APUFs are XOR-ed, has proven to be more robust to machine learning based modeling attacks. The reported successful modeling attacks for XOR APUF either employ auxiliary side-channel or reliability information, or require enormous computational effort. This robustness is primarily due to the difficulty in learning the unknown internal delay parameter terms in the mathematical model of a XOR APUF, and the robustness increases as the number of APUFs being XOR-ed increases. In this paper, we employ a novel machine learning based modeling technique called efficient CANDECOMP/PARAFAC-Tensor Regression Network (CP-TRN), a variant of CP-decomposition based tensor regression network, to reduce the computational resource requirement of model building attacks on XOR APUF. We theoretically prove the reduction in computational complexity, as well as give supporting experimental results. In addition, our proposed technique does not require any auxiliary information, and is robust to noisy training data. The proposed technique allowed us to successfully model 64-bit 8-XOR APUF and 128-bit 7-XOR APUF on a single desktop workstation, with high prediction accuracy. Further, we extend the proposed modeling attack technique to XOR APUF variants, e.g. Lightweight Secure PUF (LSPUF), which rely on input challenge transformation. The modeling accuracy results obtained by us for the LSPUF are comparable with those obtained by applying other state-of-the-art techniques, while requiring less training data.},
keywords = {Attack Resilience},
pubstate = {published},
tppubtype = {article}
}
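As an added illustration of the modeling-attack setting this entry describes (not code from the paper, and not its CP-TRN technique): a pure-Python simulation of the standard additive delay model of a k-XOR arbiter PUF, with a plain logistic-regression attack standing in for the learner. It shows the effect the abstract refers to: the linear model recovers a single APUF from a few thousand challenge-response pairs (CRPs), but the same model fails as the number of XOR-ed APUFs grows, which is why attacks such as CP-TRN are needed. The Gaussian delay weights, the CRP counts and the training hyperparameters are constructed assumptions, not values from the paper.

```python
import math
import random


def parity_features(challenge):
    """Map an n-bit challenge to the n+1 'parity' features of the additive
    delay model: phi[i] = prod_{j>=i} (1 - 2*c[j]) for i < n, phi[n] = 1 (bias)."""
    n = len(challenge)
    phi = [0.0] * (n + 1)
    acc = 1.0
    for i in range(n - 1, -1, -1):
        acc *= 1.0 - 2.0 * challenge[i]
        phi[i] = acc
    phi[n] = 1.0
    return phi


def make_xor_apuf(n_bits, k, rng):
    """k independent arbiter PUFs, each a weight vector of stage delay
    differences. Constructed: Gaussian weights stand in for silicon variation."""
    return [[rng.gauss(0.0, 1.0) for _ in range(n_bits + 1)] for _ in range(k)]


def evaluate(puf, challenge):
    """XOR of the k arbiter responses sign(w . phi(c))."""
    phi = parity_features(challenge)
    r = 0
    for w in puf:
        s = sum(wi * pi for wi, pi in zip(w, phi))
        r ^= 1 if s > 0 else 0
    return r


def collect_crps(puf, n_bits, count, rng):
    """What an attacker with query access collects: (features, response) pairs."""
    crps = []
    for _ in range(count):
        c = [rng.randint(0, 1) for _ in range(n_bits)]
        crps.append((parity_features(c), evaluate(puf, c)))
    return crps


def _sigmoid(z):
    # numerically safe for large |z|
    if z >= 0:
        return 1.0 / (1.0 + math.exp(-z))
    e = math.exp(z)
    return e / (1.0 + e)


def train_logistic(crps, epochs=30, lr=0.05, rng=None):
    """Plain logistic regression by SGD on the parity features: the classic
    linear modeling attack, which is exact for a single arbiter PUF."""
    if rng is None:
        rng = random.Random(0)
    d = len(crps[0][0])
    w = [0.0] * d
    order = list(range(len(crps)))
    for _ in range(epochs):
        rng.shuffle(order)
        for idx in order:
            phi, y = crps[idx]
            p = _sigmoid(sum(wi * pi for wi, pi in zip(w, phi)))
            g = p - y
            for i in range(d):
                w[i] -= lr * g * phi[i]
    return w


def accuracy(w, crps):
    hits = 0
    for phi, y in crps:
        pred = 1 if sum(wi * pi for wi, pi in zip(w, phi)) > 0 else 0
        hits += pred == y
    return hits / len(crps)


def modeling_attack(n_bits, k, n_train=2000, n_test=1000, seed=1):
    """Build a synthetic k-XOR APUF, collect CRPs, fit the linear model and
    return its prediction accuracy on unseen challenges."""
    rng = random.Random(seed)
    puf = make_xor_apuf(n_bits, k, rng)
    train = collect_crps(puf, n_bits, n_train, rng)
    test = collect_crps(puf, n_bits, n_test, rng)
    w = train_logistic(train, rng=rng)
    return accuracy(w, test)


if __name__ == "__main__":
    for k in (1, 2, 3):
        print(f"32-bit {k}-XOR APUF: linear-model accuracy = {modeling_attack(32, k):.3f}")
```

The single-APUF run reaches high accuracy with 2000 CRPs because its response is a linear threshold function of the parity features; the XOR of several such functions is not linearly separable in that feature space, so the same attack drops toward chance, and the known attacks on XOR APUFs must either model all k weight vectors jointly or, as the entry above discusses, use side-channel or reliability hints or far more compute.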