Your search keyword '"Basu, Kanad"' showing total 4 results

1. Explainable Machine Learning for Intrusion Detection via Hardware Performance Counters.

Author

Kuruvila, Abraham Peedikayil, Meng, Xingyu, Kundu, Shamik, Pandey, Gaurav, and Basu, Kanad

Subjects

MACHINE learning, COMPUTER architecture, INTRUSION detection systems (Computer security), SYSTEM failures, ANTIVIRUS software, COMPUTER systems

Abstract

The exponential proliferation of Malware over the past decade has threatened system security across a plethora of Internet of Things (IoT) devices. Furthermore, the improvements in computer architectures to include speculative branching and out-of-order executions have engendered new opportunities for adversaries to carry out microarchitectural attacks in these devices. Both Malware and microarchitectural attacks are imperative threats to computing systems, as their behaviors range from stealing sensitive data to total system failure. With the cat-and-mouse game between Anti-Virus Software (AVS) and attackers, the frequent bolstering of AVS induces large computational overhead. Consequently, hardware performance counter (HPC)-based detection strategies augmented with machine learning (ML) classifiers have gained popularity as a low overhead solution in identifying these malicious threats. However, ML models are operated as black boxes, which results in decisions that are not human understandable. Clarity of the models’ results facilitates the development of more robust systems. Existing explainable frameworks are only capable of determining each feature’s impact on a prediction which does not provide meaningful interpretable outcomes for HPC-based intrusion detection. In this article, we address this issue by proposing an explainable HPC-based double regression (HPCDR) ML framework. Our proposed technique provides relevant transparency through isolation of the most malevolent transient window of an application, thereby allowing a user to efficiently locate the pernicious instructions within the program. We evaluated HPCDR on five microarchitectural attacks and two Malware. HPCDR was successfully able to identify the most malicious function manifested in each intrusive application. [ABSTRACT FROM AUTHOR]

Published

2022

2. Runtime Malware Detection Using Embedded Trace Buffers.

Author

Elnaggar, Rana, Basu, Kanad, Chakrabarty, Krishnendu, and Karri, Ramesh

Subjects

*MALWARE, *LINUX operating systems, *ANTIVIRUS software

Abstract

Anti-virus software (AVS) tools are used to detect malware in a system. However, AVS are vulnerable to attacks. A malicious entity can exploit these vulnerabilities to subvert the AVS. Recently, hardware components such as hardware performance counters have been used for malware detection. In this article, we propose preempts malware by examining embedded processor traces (PREEMPT), a zero overhead, high-accuracy, low-latency technique to detect malware by repurposing embedded trace buffer (ETB), a debug hardware component available in most modern processors. The ETB is used for postsilicon validation and debug and allows us to control and monitor the internal activities of a chip, beyond what is provided by the input/output pins. PREEMPT combines these hardware-level observations with machine learning-based classifiers to preempt malware before it causes damage. The benefits of reusing ETB for malware detection include the increased robustness against attacks and no performance penalties. PREEMPT can detect malware on an OpenSPARC T1 core running Linux operating system with a F1-score of 96.6%. [ABSTRACT FROM AUTHOR]

Published

2022

3. Defending Hardware-Based Malware Detectors Against Adversarial Attacks.

Author

Kuruvila, Abraham Peedikayil, Kundu, Shamik, and Basu, Kanad

Subjects

DETECTORS, MACHINE learning, INTERNET of things, MALWARE, ANTIVIRUS software

Abstract

In the era of Internet of Things (IoT), Malware has been proliferating exponentially over the past decade. Traditional anti-virus software are ineffective against modern complex Malware. In order to address this challenge, researchers have proposed hardware-assisted Malware detection (HMD) using hardware performance counters (HPCs). The HPCs are used to train a set of machine learning (ML) classifiers, which in turn, are used to distinguish benign programs from Malware. Recently, adversarial attacks have been designed by introducing perturbations in the HPC traces using an adversarial sample predictor to misclassify a program for specific HPCs. These attacks are designed with the basic assumption that the attacker is aware of the HPCs being used to detect Malware. Since modern processors consist of hundreds of HPCs, restricting to only a few of them for Malware detection aids the attacker. In this article, we propose a moving target defense (MTD) for this adversarial attack by designing multiple ML classifiers trained on different sets of HPCs. The MTD randomly selects a classifier; thus, confusing the attacker about the HPCs or the number of classifiers applied. We have developed an analytical model which proves that the probability of an attacker to guess the perfect HPC-classifier combination for MTD is extremely low (in the range of $10^{-1864}$ for a system with 20 HPCs). Our experimental results prove that the proposed defense is able to improve the classification accuracy of HPC traces that have been modified through an adversarial sample generator by up to 31.5%, for a near perfect (99.4%) restoration of the original accuracy. [ABSTRACT FROM AUTHOR]

Published

2021

4. PREEMPT: PReempting Malware by Examining Embedded Processor Traces.

Author

Basu, Kanad, Elnaggar, Rana, Chakrabarty, Krishnendu, and Karri, Ramesh

Subjects

EMBEDDED computer systems, MALWARE, ANTIVIRUS software, DEBUGGING, MACHINE learning

Abstract

Anti-virus software (AVS) tools are used to detect Malware in a system. However, software-based AVS are vulnerable to attacks. A malicious entity can exploit these vulnerabilities to subvert the AVS. Recently, hardware components such as Hardware Performance Counters (HPC) have been used for Malware detection. In this paper, we propose PREEMPT, a zero overhead, high-accuracy and low-latency technique to detect Malware by re-purposing the embedded trace buffer (ETB), a debug hardware component available in most modern processors. The ETB is used for post-silicon validation and debug and allows us to control and monitor the internal activities of a chip, beyond what is provided by the Input/Output pins. PREEMPT combines these hardware-level observations with machine learning-based classifiers to preempt Malware before it can cause damage. There are many benefits of re-using the ETB for Malware detection. It is difficult to hack into hardware compared to software, and hence, PREEMPT is more robust against attacks than AVS. PREEMPT does not incur performance penalties. Finally, PREEMPT has a high True Positive value of 94% and maintains a low False Positive value of 2%. [ABSTRACT FROM AUTHOR]

Published

2019