EAGER: Run-Time Hardware-Assisted Malware Detection Using Machine Learning

EAGER：使用机器学习进行运行时硬件辅助恶意软件检测

• 批准号: 1936836
• 负责人: Houman Homayoun
• 金额: $ 23.71万
• 依托单位: University of California-Davis
• 依托单位国家: 美国
• 项目类别: Standard Grant
• 财政年份: 2019
• 资助国家: 美国
• 起止时间: 2019-10-01 至 2024-10-31
• 项目状态: 已结题
• 来源: https://www.nsf.gov/awardsearch/showAward?AWD_ID=1936836&HistoricalAwards=false
• 关键词: EAGER; Run; Time; Hardware; Assisted

Malware, a broad term for any type of malicious software, is a piece of code designed by cyber attackers to infect computing systems without the user consent, typically for harmful purposes such as stealing sensitive information. The ubiquity of information technology has made malware a serious threat. Detecting malware in a system is a difficult task, particularly when the malware is stealthy. Hardware-assisted malware detection (HMD) mechanisms seek runtime detection of malware. However, several challenges exist with deployment of HMD including limited availability of hardware registers, diversity of microarchitectural events, and difficulty of anomalous behavior detection for stealthy malware. Proposed research aims to find lightweight HMDs that are not too costly to implement and provide continuous runtime monitoring.The core research agenda is development of lightweight malware detection mechanisms using low level microarchitectural behavior. Specifically, this project is interested in (i) developing effective machine-learning classifier against malware that are relatively inexpensive to implement; and (ii) development of tools and methods for evaluating effectiveness and robustness of various solution alternatives.From a societal viewpoint, this work enhances the research, education, and diversity at University of California Davis (UCD) by involving graduate, undergraduate, minority and female students, and enriches several courses that are offered at UCD. The proposed research effort could inspire and enable new approaches to securing computer systems, in particular in emerging domains such as Internet-of-Things (IoT), where computational requirement is constrained. Research results will be integrated in graduate and undergraduate courses offered by the investigator.The proposed solutions will be freely shared and broadly disseminated through public portals, https://ece.gmu.edu/~hhomayou/publications.html and GitHub: https://github.com/ASEEC/ML_classifier and https://github.com/ASEEC/HPC_Trace.This award reflects NSF's statutory mission and has been deemed worthy of support through evaluation using the Foundation's intellectual merit and broader impacts review criteria.

恶意软件是任何类型的恶意软件的广义术语，是网络攻击者设计的一段代码，用于在未经用户同意的情况下感染计算机系统，通常用于窃取敏感信息等有害目的。信息技术的无处不在使恶意软件成为一个严重的威胁。检测系统中的恶意软件是一项困难的任务，特别是当恶意软件是隐蔽的时候。硬件辅助恶意软件检测(HMD)机制寻求恶意软件的运行时检测。然而，部署HMD存在一些挑战，包括硬件寄存器的可用性有限，微体系结构事件的多样性，以及难以检测隐形恶意软件的异常行为。提出的研究目标是寻找实现成本不太高的轻量级HMD，并提供持续的运行时监控。核心研究议程是开发使用低级别微体系结构行为的轻量级恶意软件检测机制。具体地说，这个项目感兴趣的是(I)开发针对恶意软件的有效的机器学习分类器，实施成本相对较低；以及(Ii)开发工具和方法来评估各种解决方案的有效性和健壮性。从社会的角度来看，这项工作通过涉及研究生、本科生、少数族裔和女性学生，加强了加州大学戴维斯分校(UCD)的研究、教育和多样性，并丰富了UCD提供的几门课程。拟议的研究工作可能会启发并启用保护计算机系统的新方法，特别是在计算要求受到限制的新兴领域，如物联网(IoT)。研究成果将被整合到研究人员提供的研究生和本科课程中。建议的解决方案将通过公共门户网站、https://ece.gmu.edu/~hhomayou/publications.html和GitHub免费分享和广泛传播：https://github.com/ASEEC/ML_classifier和https://github.com/ASEEC/HPC_Trace.This奖项反映了美国国家科学基金会的法定使命，并通过使用基金会的智力优势和更广泛的影响审查标准进行评估，被认为值得支持。

项目成果

SCARF: Detecting Side-Channel Attacks at Real-time using Low-level Hardware Features

SCARF：使用低级硬件功能实时检测侧信道攻击

• DOI: 10.1109/iolts50870.2020.9159708
• 发表时间: 2020
• 期刊: IEEE International Symposium on On-Line Testing and Robust System Design
• 作者: Wang, Han;Sayadi, Hossein;Rafatirad, Setareh;Sasan, Avesta;Homayoun, Houman
• 通讯作者: Homayoun, Houman

Recent Advancements in Microarchitectural Security: Review of Machine Learning Countermeasures

微架构安全的最新进展：机器学习对策回顾

• DOI: 10.1109/mwscas48704.2020.9184539
• 发表时间: 2020
• 期刊: 2020 IEEE 63rd International Midwest Symposium on Circuits and Systems (MWSCAS
• 作者: Sayadi, Hossein;Wang, Han;Miari, Tahereh;Makrani, Hosein Mohammadi;Aliasgari, Mehrdad;Rafatirad, Setareh;Homayoun, Houman
• 通讯作者: Homayoun, Houman

Adaptive-HMD: Accurate and Cost-Efficient Machine Learning-Driven Malware Detection using Microarchitectural Events

自适应 HMD：使用微架构事件进行准确且经济高效的机器学习驱动的恶意软件检测

• DOI: 10.1109/iolts52814.2021.9486701
• 发表时间: 2021
• 期刊: IEEE International Symposium on On-Line Testing and Robust System Design
• 作者: Gao, Yifeng;Makrani, Hosein Mohammadi;Aliasgari, Mehrdad;Rezaei, Amin;Lin, Jessica;Homayoun, Houman;Sayadi, Hossein
• 通讯作者: Sayadi, Hossein

StealthMiner: Specialized Time Series Machine Learning for Run-Time Stealthy Malware Detection based on Microarchitectural Features

StealthMiner：基于微架构特征的运行时隐形恶意软件检测的专业时间序列机器学习

• DOI: 10.1145/3386263.3407585
• 发表时间: 2020
• 期刊: Proceedings of 2020 Great Lakes Symposium on VLSI (GLSVLSI'20
• 作者: Sayadi, Hossein;Gao, Yifeng;Mohammadi Makrani, Hosein;Mohsenin, Tinoosh;Sasan, Avesta;Rafatirad, Setareh;Lin, Jessica;Homayoun, Houman
• 通讯作者: Homayoun, Houman