 |
 |
Notice and Invitation
Oral Defense of Doctoral Dissertation
The Volgenau School of Engineering, George Mason University
Hossein Sayadi
Bachelor of Science, K. N. Toosi University of Technology, 2012
Master of Science, Sharif University of Technology, 2014
Towards Hardware Cybersecurity: Challenges and Solutions
Friday, May 31, 2019, 11:30 am
ENGR 1602
All are invited to attend.
Committee
Dr. Houman Homayoun (Chair)
Dr. Setareh Rafatirad (Co-chair)
Dr. Avesta Sasan
Dr. Jim Jones
Abstract
The ever-increasing complexity of modern computing systems results in the growth of security vulnerabilities, making such systems appealing targets for increasingly sophisticated cyber-attacks. Recent proliferation of computing devices in embedded systems and Internet-of-Things domains has further exacerbated the impact of cyber-attacks calling for effective detection techniques. In this presentation, I will describe how Machine Learning (ML) techniques and applications runtime information at the hardware-level can be effectively used to address major challenges of detecting emerging attacks. In response to the latency and inefficiencies of software-based malware detection techniques, Hardware-assisted Malware Detection (HMD) has emerged as a promising solution to enhance the security of computing systems. HMD techniques rely on ML classifiers to detect patterns of malicious applications based on low-level microarchitectural features captured by processor’s Hardware Performance Counters (HPCs) during execution.
In this work, four key challenges to realize an effective runtime hardware-assisted malware detection are identified and addressed. These challenges include: 1) the type of key microarchitectural events to capture at runtime which varies across various malware classes; 2) no unique ML classifier achieves high malware detection rate across various types of malware; 3) the number of available HPC registers that can be monitored simultaneously is very limited in modern microprocessors; and 4) traditional ML-based solutions fail to detect the malware accurately when the attack is embedded in a benign application, as the microarchitectural data is polluted by both malware and benign applications data. Our comprehensive analysis shows that all of these influencing parameters highly depend on the class of malware and change across various malware classes (Virus, Rootkit, Backdoor, and Trojan), i.e. the ML classifier and the type of events to collect at runtime out of many microarchitectural events that deliver the highest detection rate and performance, highly depend on the class of malware. For each of these challenges, effective machine learning-based solutions are proposed to accurately detect malware at runtime. The experimental results show that the malware can be detected with 98.9% detection rate at runtime with limited available HPC resources, matching to almost what can be achieved offline having access to all microarchitectural data.