Detection of Malicious Threats Exploiting Clock-Gating Hardware Using Machine Learning

Nuri Alperen Kose; Razaq Jinad; Amar Rasheed; Narasimha Shashidhar; Mohamed Baza; Hani Alshahrani

doi:10.3390/s24030983

Detection of Malicious Threats Exploiting Clock-Gating Hardware Using Machine Learning

Sensors (Basel). 2024 Feb 2;24(3):983. doi: 10.3390/s24030983.

Authors

Nuri Alperen Kose¹, Razaq Jinad¹, Amar Rasheed¹, Narasimha Shashidhar¹, Mohamed Baza², Hani Alshahrani³

Affiliations

¹ Department of Computer Science, Sam Houston State University, Huntsville, TX 77340, USA.
² Department of Computer Science, College of Charleston, Charleston, SC 29424, USA.
³ Department of Computer Science, College of Computer Science and Information Systems, Najran University, Najran 61441, Saudi Arabia.

Abstract

Embedded system technologies are increasingly being incorporated into manufacturing, smart grid, industrial control systems, and transportation systems. However, the vast majority of today's embedded platforms lack the support of built-in security features which makes such systems highly vulnerable to a wide range of cyber-attacks. Specifically, they are vulnerable to malware injection code that targets the power distribution system of an ARM Cortex-M-based microcontroller chipset (ARM, Cambridge, UK). Through hardware exploitation of the clock-gating distribution system, an attacker is capable of disabling/activating various subsystems on the chip, compromising the reliability of the system during normal operation. This paper proposes the development of an Intrusion Detection System (IDS) capable of detecting clock-gating malware deployed on ARM Cortex-M-based embedded systems. To enhance the robustness and effectiveness of our approach, we fully implemented, tested, and compared six IDSs, each employing different methodologies. These include IDSs based on K-Nearest Classifier, Random Forest, Logistic Regression, Decision Tree, Naive Bayes, and Stochastic Gradient Descent. Each of these IDSs was designed to identify and categorize various variants of clock-gating malware deployed on the system. We have analyzed the performance of these IDSs in terms of detection accuracy against various types of clock-gating malware injection code. Power consumption data collected from the chipset during normal operation and malware code injection attacks were used for models' training and validation. Our simulation results showed that the proposed IDSs, particularly those based on K-Nearest Classifier and Logistic Regression, were capable of achieving high detection rates, with some reaching a detection rate of 0.99. These results underscore the effectiveness of our IDSs in protecting ARM Cortex-M-based embedded systems against clock-gating malware.

Keywords: ARM cortex; embedded systems; intrusion detection; machine learning; malware.

Grants and funding

NU/RG/SERC/12/27/Najran University