Machine Learning-Based Solutions for Secure and Energy-Efficient Computer Systems
Date
2019
Authors
Journal Title
Journal ISSN
Volume Title
Publisher
Abstract
The ever-increasing complexity of modern computing systems results in the growth of security vulnerabilities, making such systems appealing targets for increasingly sophisticated cyber attacks. The recent proliferation of computing devices in embedded systems and Internet-of-Things domains has further exacerbated the impact of cyber attacks calling for effective detection techniques. In this work, we attempt to describe how Machine Learning (ML) techniques and applications run-time information at the hardware-level can be effectively used to address major challenges of detecting emerging attacks. In response to the latency and inefficiencies of software-based malware detection techniques, Hardware-assisted Malware Detection (HMD) has emerged as a promising solution to enhance the security of computing systems. HMD techniques rely on ML classifiers to detect patterns of malicious applications based on low-level microarchitectural features captured by processors Hardware Performance Counters (HPCs) during execution. In this work, we propose effective machine learning-based approaches using low-level HPC information to address the security and energy-efficiency challenges of the modern computer systems. For the purpose of security enhancement, four key challenges to realize an effective run-time hardware-assisted malware detection are identified and addressed. These challenges include: 1) the type of key microarchitectural events to capture at run-time which varies across various malware classes; 2) no unique ML classifier achieves high malware detection rate across various types of malware; 3) the number of available HPC registers that can be monitored simultaneously is very limited in modern microprocessors; and 4) traditional ML-based solutions fail to detect the malware accurately when the attack is embedded in a benign application, as the microarchitectural data is polluted by both malware and benign applications data. Our comprehensive analysis shows that all of these influencing parameters highly depend on the class of malware and change across various malware classes (Virus, Rootkit, Backdoor, and Trojan), i.e. the ML classifier and the type of events to collect at run-time out of many microarchitectural events that deliver the highest detection rate and performance, highly depend on the class of malware. For each of these challenges, effective machine learning-based solutions are proposed to accurately detect malware at run-time. The experimental results for the proposed run-time HMD techniques show that the malware can be detected with 98.9% detection rate at run-time with limited available HPC resources, matching to almost what can be achieved offline having access to all microarchitectural data. Furthermore, for the last part of this research, in order to address the energy-efficiency challenges, we focus on the suitability of deploying effective machine learning techniques on run-time HPC-based information for addressing the performance vs. power consumption trade-offs and enhancing the energy-efficiency of modern heterogeneous multicore architectures. In overall, this research is primarily focused on developing highly accurate and complexity-aware machine learning-based solutions for security and energy efficiency enhancement of modern computer architectures based on the application’s microarchitectural events captured at run-time. As a result, the outcome of this research opens a path for computer architects and embedded systems designers in making appropriate and efficient architectural decisions for implementing future generation of computer systems, to most effectively improve the performance of machine learning algorithms for different optimization goals such as security and energy-efficiency of computer systems for emerging applications.