DeepPower: Non-intrusive and Deep Learning-based Detection of IoT Malware Using Power Side Channels

Fei Ding; Hongda Li; Feng Luo; Hongxin Hu; Long Cheng; Hai Xiao; Rong Ge

doi:10.1145/3320269.3384727

DeepPower: Non-intrusive and Deep Learning-based Detection of IoT Malware Using Power Side Channels

Fei Ding
, Hongda Li
, Feng Luo
, Hongxin Hu
, Long Cheng
, Hai Xiao
, Rong Ge

Department of Computer Science and Engineering

University at Buffalo

Clemson University

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

60 Scopus citations

Abstract

The vulnerability of Internet of Things (IoT) devices to malware attacks poses huge challenges to current Internet security. The IoT malware attacks are usually composed of three stages: intrusion, infection and monetization. Existing approaches for IoT malware detection cannot effectively identify the executed malicious activities at intrusion and infection stages, and thus cannot help stop potential attacks timely. In this paper, we present DeepPower, a non-intrusive approach to infer malicious activities of IoT malware via analyzing power side-channel signals using deep learning. DeepPower first filters raw power signals of IoT devices to obtain suspicious signals, and then performs a fine-grained analysis on these signals to infer corresponding executed activities inside the devices. DeepPower determines whether there exists an ongoing malware infection by conducting a correlation analysis on these identified activities. We implement a prototype of DeepPower leveraging low-cost sensors and devices and evaluate the effectiveness of DeepPower against real-world IoT malware using commodity IoT devices. Our experimental results demonstrate that DeepPower is able to detect infection activities of different IoT malware with a high accuracy without any changes to the monitored devices.

Original language	English
Title of host publication	Proceedings of the 15th ACM Asia Conference on Computer and Communications Security, ASIA CCS 2020
Publisher	Association for Computing Machinery, Inc
Pages	33-46
Number of pages	14
ISBN (Electronic)	9781450367509
DOIs	https://doi.org/10.1145/3320269.3384727
State	Published - Oct 5 2020
Event	15th ACM Asia Conference on Computer and Communications Security, ASIA CCS 2020 - Virtual, Online, Taiwan, Province of China Duration: Oct 5 2020 → Oct 9 2020

Publication series

Name	Proceedings of the 15th ACM Asia Conference on Computer and Communications Security, ASIA CCS 2020

Conference

Conference	15th ACM Asia Conference on Computer and Communications Security, ASIA CCS 2020
Country/Territory	Taiwan, Province of China
City	Virtual, Online
Period	10/5/20 → 10/9/20

Keywords

IoT
deep learning
malware detection
non-intrusive
power side channels

Access to Document

10.1145/3320269.3384727

Cite this

Ding, F., Li, H., Luo, F., Hu, H., Cheng, L., Xiao, H., & Ge, R. (2020). DeepPower: Non-intrusive and Deep Learning-based Detection of IoT Malware Using Power Side Channels. In Proceedings of the 15th ACM Asia Conference on Computer and Communications Security, ASIA CCS 2020 (pp. 33-46). (Proceedings of the 15th ACM Asia Conference on Computer and Communications Security, ASIA CCS 2020). Association for Computing Machinery, Inc. https://doi.org/10.1145/3320269.3384727

Ding, Fei ; Li, Hongda ; Luo, Feng et al. / DeepPower : Non-intrusive and Deep Learning-based Detection of IoT Malware Using Power Side Channels. Proceedings of the 15th ACM Asia Conference on Computer and Communications Security, ASIA CCS 2020. Association for Computing Machinery, Inc, 2020. pp. 33-46 (Proceedings of the 15th ACM Asia Conference on Computer and Communications Security, ASIA CCS 2020).

@inproceedings{8d12f04874074ecfa64d2b2560321607,

title = "DeepPower: Non-intrusive and Deep Learning-based Detection of IoT Malware Using Power Side Channels",

abstract = "The vulnerability of Internet of Things (IoT) devices to malware attacks poses huge challenges to current Internet security. The IoT malware attacks are usually composed of three stages: intrusion, infection and monetization. Existing approaches for IoT malware detection cannot effectively identify the executed malicious activities at intrusion and infection stages, and thus cannot help stop potential attacks timely. In this paper, we present DeepPower, a non-intrusive approach to infer malicious activities of IoT malware via analyzing power side-channel signals using deep learning. DeepPower first filters raw power signals of IoT devices to obtain suspicious signals, and then performs a fine-grained analysis on these signals to infer corresponding executed activities inside the devices. DeepPower determines whether there exists an ongoing malware infection by conducting a correlation analysis on these identified activities. We implement a prototype of DeepPower leveraging low-cost sensors and devices and evaluate the effectiveness of DeepPower against real-world IoT malware using commodity IoT devices. Our experimental results demonstrate that DeepPower is able to detect infection activities of different IoT malware with a high accuracy without any changes to the monitored devices.",

keywords = "IoT, deep learning, malware detection, non-intrusive, power side channels",

author = "Fei Ding and Hongda Li and Feng Luo and Hongxin Hu and Long Cheng and Hai Xiao and Rong Ge",

note = "Publisher Copyright: {\textcopyright} 2020 ACM.; 15th ACM Asia Conference on Computer and Communications Security, ASIA CCS 2020 ; Conference date: 05-10-2020 Through 09-10-2020",

year = "2020",

month = oct,

day = "5",

doi = "10.1145/3320269.3384727",

language = "English",

series = "Proceedings of the 15th ACM Asia Conference on Computer and Communications Security, ASIA CCS 2020",

publisher = "Association for Computing Machinery, Inc",

pages = "33--46",

booktitle = "Proceedings of the 15th ACM Asia Conference on Computer and Communications Security, ASIA CCS 2020",

}

Ding, F, Li, H, Luo, F, Hu, H, Cheng, L, Xiao, H & Ge, R 2020, DeepPower: Non-intrusive and Deep Learning-based Detection of IoT Malware Using Power Side Channels. in Proceedings of the 15th ACM Asia Conference on Computer and Communications Security, ASIA CCS 2020. Proceedings of the 15th ACM Asia Conference on Computer and Communications Security, ASIA CCS 2020, Association for Computing Machinery, Inc, pp. 33-46, 15th ACM Asia Conference on Computer and Communications Security, ASIA CCS 2020, Virtual, Online, Taiwan, Province of China, 10/5/20. https://doi.org/10.1145/3320269.3384727

DeepPower: Non-intrusive and Deep Learning-based Detection of IoT Malware Using Power Side Channels. / Ding, Fei; Li, Hongda; Luo, Feng et al.
Proceedings of the 15th ACM Asia Conference on Computer and Communications Security, ASIA CCS 2020. Association for Computing Machinery, Inc, 2020. p. 33-46 (Proceedings of the 15th ACM Asia Conference on Computer and Communications Security, ASIA CCS 2020).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

TY - GEN

T1 - DeepPower

T2 - 15th ACM Asia Conference on Computer and Communications Security, ASIA CCS 2020

AU - Ding, Fei

AU - Li, Hongda

AU - Luo, Feng

AU - Hu, Hongxin

AU - Cheng, Long

AU - Xiao, Hai

AU - Ge, Rong

PY - 2020/10/5

Y1 - 2020/10/5

N2 - The vulnerability of Internet of Things (IoT) devices to malware attacks poses huge challenges to current Internet security. The IoT malware attacks are usually composed of three stages: intrusion, infection and monetization. Existing approaches for IoT malware detection cannot effectively identify the executed malicious activities at intrusion and infection stages, and thus cannot help stop potential attacks timely. In this paper, we present DeepPower, a non-intrusive approach to infer malicious activities of IoT malware via analyzing power side-channel signals using deep learning. DeepPower first filters raw power signals of IoT devices to obtain suspicious signals, and then performs a fine-grained analysis on these signals to infer corresponding executed activities inside the devices. DeepPower determines whether there exists an ongoing malware infection by conducting a correlation analysis on these identified activities. We implement a prototype of DeepPower leveraging low-cost sensors and devices and evaluate the effectiveness of DeepPower against real-world IoT malware using commodity IoT devices. Our experimental results demonstrate that DeepPower is able to detect infection activities of different IoT malware with a high accuracy without any changes to the monitored devices.

AB - The vulnerability of Internet of Things (IoT) devices to malware attacks poses huge challenges to current Internet security. The IoT malware attacks are usually composed of three stages: intrusion, infection and monetization. Existing approaches for IoT malware detection cannot effectively identify the executed malicious activities at intrusion and infection stages, and thus cannot help stop potential attacks timely. In this paper, we present DeepPower, a non-intrusive approach to infer malicious activities of IoT malware via analyzing power side-channel signals using deep learning. DeepPower first filters raw power signals of IoT devices to obtain suspicious signals, and then performs a fine-grained analysis on these signals to infer corresponding executed activities inside the devices. DeepPower determines whether there exists an ongoing malware infection by conducting a correlation analysis on these identified activities. We implement a prototype of DeepPower leveraging low-cost sensors and devices and evaluate the effectiveness of DeepPower against real-world IoT malware using commodity IoT devices. Our experimental results demonstrate that DeepPower is able to detect infection activities of different IoT malware with a high accuracy without any changes to the monitored devices.

KW - IoT

KW - deep learning

KW - malware detection

KW - non-intrusive

KW - power side channels

UR - https://www.scopus.com/pages/publications/85096385778

U2 - 10.1145/3320269.3384727

DO - 10.1145/3320269.3384727

M3 - Conference contribution

T3 - Proceedings of the 15th ACM Asia Conference on Computer and Communications Security, ASIA CCS 2020

SP - 33

EP - 46

BT - Proceedings of the 15th ACM Asia Conference on Computer and Communications Security, ASIA CCS 2020

PB - Association for Computing Machinery, Inc

Y2 - 5 October 2020 through 9 October 2020

ER -

Ding F, Li H, Luo F, Hu H, Cheng L, Xiao H et al. DeepPower: Non-intrusive and Deep Learning-based Detection of IoT Malware Using Power Side Channels. In Proceedings of the 15th ACM Asia Conference on Computer and Communications Security, ASIA CCS 2020. Association for Computing Machinery, Inc. 2020. p. 33-46. (Proceedings of the 15th ACM Asia Conference on Computer and Communications Security, ASIA CCS 2020). doi: 10.1145/3320269.3384727

DeepPower: Non-intrusive and Deep Learning-based Detection of IoT Malware Using Power Side Channels

Abstract

Publication series

Conference

Keywords

Access to Document

Other files and links

Fingerprint

Cite this