Defending HMDs against Adversarial Attacks

By: Abraham Kuruvila, Shamik Kundu and Kanad Basu (University of Texas at Dallas)

Stage: On-Field

Summary

This repository aims to protect Hardware-based Malware Detectors (HMDs) against adversarial attacks. This tool specifically deals with tools made of Hardware Performance Counters

Contact

Kanad Basu

Input/Output Interface

Input: Any software program running on a processor (ARM or x86)
Output: Classification whether it is a Malware or Benign program

Dependencies

Perf from Linux

Tool Link

References

Kuruvila, Abraham Peedikayil; Kundu, Shamik; Basu, Kanad

Defending Hardware-based Malware Detectors against Adversarial Attacks Journal Article

In: arXiv preprint arXiv:2005.03644, 2020.

Abstract | Links | BibTeX

@article{Kuruvila2020b,

title = {Defending Hardware-based Malware Detectors against Adversarial Attacks},

author = {Abraham Peedikayil Kuruvila and Shamik Kundu and Kanad Basu},

url = {https://arxiv.org/pdf/2005.03644.pdf},

year  = {2020},

date = {2020-01-01},

journal = {arXiv preprint arXiv:2005.03644},

abstract = {In the era of Internet of Things (IoT), Malware has been proliferating exponentially over the past decade. Traditional anti-virus software are ineffective against modern complex Malware. In order to address this challenge, researchers have proposed Hardware-assisted Malware Detection (HMD) using Hardware Performance Counters (HPCs). The HPCs are used to train a set of Machine learning (ML) classifiers, which in turn, are used to distinguish benign programs from Malware. Recently, adversarial attacks have been designed by introducing perturbations in the HPC traces using an adversarial sample predictor to misclassify a program for specific HPCs. These attacks are designed with the basic assumption that the attacker is aware of the HPCs being used to detect Malware. Since modern processors consist of hundreds of HPCs, restricting to only a few of them for Malware detection aids the attacker. In this paper, we propose a Moving target defense (MTD) for this adversarial attack by designing multiple ML classifiers trained on different sets of HPCs. The MTD randomly selects a classifier; thus, confusing the attacker about the HPCs or the number of classifiers applied. We have developed an analytical model which proves that the probability of an attacker to guess the perfect HPC-classifier combination for MTD is extremely low (in the range of 10^-1864 for a system with 20 HPCs). Our experimental results prove that the proposed defense is able to improve the classification accuracy of HPC traces that have been modified through an adversarial sample generator by up to 31.5%, for a near perfect (99.4%) restoration of the original accuracy.},

keywords = {},

pubstate = {published},

tppubtype = {article}

}