Publication | Closed Access

Customized Machine Learning-Based Hardware-Assisted Malware Detection in Embedded Devices

Citations: 52

References: 20

Year: 2018

Abstract

Emerging embedded systems, which account for a wide range of applications, are often highly resource-constrained, challenging the conventional software-based methods traditionally deployed for detecting and containing malware in general-purpose computing systems. In addition to their complexity and cost (computing and storage), software-based malware detection methods mostly rely on static signature analysis of the running programs, requiring continuous software updates in the field to remain accurate in capturing emerging malware, which is not affordable for embedded systems with limited computing and communication bandwidth. Although Hardware-assisted Malware Detection (HMD) has been found to be more efficient, the limited computing power and resources in embedded systems, as well as the small number of available Hardware Performance Counter (HPC) registers that can be simultaneously captured, make accurate runtime malware detection in embedded devices a challenging problem. In response, this work proposes a lightweight customized HMD approach which takes advantage of HPC features to effectively detect and further classify various malware classes at runtime. To realize a runtime solution that relies on the limited available HPCs and to enhance the accuracy of malware detection, we use a customized HMD for each individual class of malware that utilizes various Machine Learning (ML) classifiers to detect malware using the four most important HPC features.
