Malicious Firmware Detection on Embedded Systems Using Deep Learning


Yapıcıoğlu C., YILDIRIM OKAY F., DEMİRCİ M.

2023 Innovations in Intelligent Systems and Applications Conference, ASYU 2023, Sivas, Türkiye, 11 - 13 Ekim 2023 identifier

  • Yayın Türü: Bildiri / Tam Metin Bildiri
  • Doi Numarası: 10.1109/asyu58738.2023.10296778
  • Basıldığı Şehir: Sivas
  • Basıldığı Ülke: Türkiye
  • Anahtar Kelimeler: CNN, Deep learning, embedded systems, image processing, IoT
  • Gazi Üniversitesi Adresli: Evet

Özet

IoT devices are extensively employed in various domains like smart homes, transportation, and health systems. However, with the growing usage of these devices, the probability of the occurrence of attacks is also increasing. One of the most prevalent attacks on these systems involves attempts of malicious firmware installation. This study aims to detect such malicious installations or firmware updates through the use of multilayer convolutional neural networks (CNN) on an embedded system. A CNN structure is created and trained by feeding firmware binary data which are converted to images. This trained model is then deployed on an embedded board for real-time, low-cost performance, and portability. The method determines whether the firmware is malicious or not as specified by the user and allows for installation accordingly. The proposed CNN-based model is compared to Autoencoder (AE) model in terms of accuracy. The proposed model is also analyzed under changing parameters including pooling functions, optimization functions, filter size, and layer dense. Derived from the outcomes of the experiments, suggested model is superior to AE models and has the highest accuracy achieved by multilayer CNN models with 91.19% under the parameters which are max pooling function, Adam optimizer, $3\times 3$ filter size, and 32,64,128 dense. The results indicate that the suggested model is portable, low-cost, and easily adaptable to different problems.