{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,7,15]],"date-time":"2025-07-15T03:25:37Z","timestamp":1752549937725,"version":"3.37.3"},"reference-count":33,"publisher":"Springer Science and Business Media LLC","issue":"4","license":[{"start":{"date-parts":[[2022,2,25]],"date-time":"2022-02-25T00:00:00Z","timestamp":1645747200000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0"},{"start":{"date-parts":[[2022,2,25]],"date-time":"2022-02-25T00:00:00Z","timestamp":1645747200000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0"}],"funder":[{"DOI":"10.13039\/501100001691","name":"Japan Society for the Promotion of Science","doi-asserted-by":"publisher","award":["20K11818","19K11968"],"award-info":[{"award-number":["20K11818","19K11968"]}],"id":[{"id":"10.13039\/501100001691","id-type":"DOI","asserted-by":"publisher"}]},{"DOI":"10.13039\/501100001691","name":"Japan Society for the Promotion of Science","doi-asserted-by":"publisher","award":["19H04108"],"award-info":[{"award-number":["19H04108"]}],"id":[{"id":"10.13039\/501100001691","id-type":"DOI","asserted-by":"publisher"}]}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":["Int. J. Inf. Secur."],"published-print":{"date-parts":[[2022,8]]},"abstract":"<jats:title>Abstract<\/jats:title><jats:p>We aim to improve the efficiency of our previously proposed anti-malware hardware; it is a hardware-implemented malware detection mechanism that uses information inside the processor. We previously evaluated a prototype, but, due to its prototypical nature, there remain limitations, such as only detecting certain behaviors, high power consumption, and a tendency to bloat the training model. 
In this paper, we propose a circuit and a learning method to achieve high efficiency, low power consumption, and light weight for the model. In considering these three issues, we focus on time-series metadata obtained by transforming the processor information. To improve efficiency, we implement predictive detection to predict the behavior of metadata in the malware detection component. This lets the model detect malware within less than 19% of the number of execution cycles of the conventional method. To reduce power consumption, we implement a sampling circuit that interrupts the input to the detection circuit at regular intervals, reducing the system\u2019s uptime by 99% while maintaining judgment accuracy. Finally, for a light weight, we focus on the training process of the metadata generator based on a machine-learning model. By applying sampling learning and feature dimensionality reduction in the training process, a metadata generator approximately 16% smaller than the previous version is created.<\/jats:p>","DOI":"10.1007\/s10207-021-00577-0","type":"journal-article","created":{"date-parts":[[2022,2,25]],"date-time":"2022-02-25T14:02:37Z","timestamp":1645797757000},"page":"1-19","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":7,"title":["IoT-oriented high-efficient anti-malware hardware focusing on time series metadata extractable from inside a processor 
core"],"prefix":"10.1007","volume":"21","author":[{"ORCID":"https:\/\/orcid.org\/0000-0003-2483-9647","authenticated-orcid":false,"given":"Kazuki","family":"Koike","sequence":"first","affiliation":[]},{"given":"Ryotaro","family":"Kobayashi","sequence":"additional","affiliation":[]},{"given":"Masahiko","family":"Katoh","sequence":"additional","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2022,2,25]]},"reference":[{"issue":"7","key":"577_CR1","doi-asserted-by":"publisher","first-page":"1645","DOI":"10.1016\/j.future.2013.01.010","volume":"29","author":"J Gubbi","year":"2013","unstructured":"Gubbi, J., Buyya, R., Marusic, S., Palaniswami, M.: Internet of things (IoT): a vision, architectural elements, and future directions. Future Gen. Comput. Syst. 29(7), 1645\u20131660 (2013)","journal-title":"Future Gen. Comput. Syst."},{"key":"577_CR2","unstructured":"Taylor, S.: The next generation of the internet. CISCO Point of view (2013)"},{"key":"577_CR3","unstructured":"(2018) OWASP Foundation | OWASP IoT Top 10. https:\/\/owasp.org\/www-pdf-archive\/OWASP-IoT-Top-10-2018-final.pdf, (Accessed on 08\/21\/2021)"},{"issue":"7","key":"577_CR4","doi-asserted-by":"publisher","first-page":"80","DOI":"10.1109\/MC.2017.201","volume":"50","author":"C Kolias","year":"2017","unstructured":"Kolias, C., Kambourakis, G., Stavrou, A., Voas, J.: DDoS in the IoT: Mirai and Other Botnets. Computer 50(7), 80\u201384 (2017). https:\/\/doi.org\/10.1109\/MC.2017.201","journal-title":"Computer"},{"issue":"7","key":"577_CR5","doi-asserted-by":"publisher","first-page":"80","DOI":"10.1109\/MC.2017.201","volume":"50","author":"C Kolias","year":"2017","unstructured":"Kolias, C., Kambourakis, G., Stavrou, A., Voas, J.: Ddos in the iot: Mirai and other botnets. Computer 50(7), 80\u201384 (2017). 
https:\/\/doi.org\/10.1109\/MC.2017.201","journal-title":"Computer"},{"key":"577_CR6","doi-asserted-by":"publisher","first-page":"283","DOI":"10.3844\/ajassp.2012.283.288","volume":"9","author":"A Elhadi","year":"2012","unstructured":"Elhadi, A., Maarof, M., Hamza Osman, A.: Malware detection based on hybrid signature behaviour application programming interface call graph. Am. J. Appl. Sci. 9, 283\u2013288 (2012)","journal-title":"Am. J. Appl. Sci."},{"issue":"7","key":"577_CR7","doi-asserted-by":"publisher","first-page":"3216","DOI":"10.1109\/TII.2017.2789219","volume":"14","author":"J Li","year":"2018","unstructured":"Li, J., Sun, L., Yan, Q., Li, Z., Srisa-an, W., Ye, H.: Significant permission identification for machine-learning-based android malware detection. IEEE Trans. Ind. Inform. 14(7), 3216\u20133225 (2018). https:\/\/doi.org\/10.1109\/TII.2017.2789219","journal-title":"IEEE Trans. Ind. Inform."},{"key":"577_CR8","doi-asserted-by":"publisher","unstructured":"Sewak, M., Sahay, S.K., Rathore, H.: Comparison of deep learning and the classical machine learning algorithm for the malware detection. In: 2018 19th IEEE\/ACIS International Conference on Software Engineering, Artificial Intelligence, Networking and Parallel\/Distributed Computing (SNPD), pp 293\u2013296. https:\/\/doi.org\/10.1109\/SNPD.2018.8441123 (2018)","DOI":"10.1109\/SNPD.2018.8441123"},{"key":"577_CR9","doi-asserted-by":"publisher","unstructured":"Bazrafshan, Z., Hashemi, H., Fard, S.M.H., Hamzeh, A.: A survey on heuristic malware detection techniques. In: The 5th Conference on Information and Knowledge Technology, pp 113\u2013120. 
https:\/\/doi.org\/10.1109\/IKT.2013.6620049 (2013)","DOI":"10.1109\/IKT.2013.6620049"},{"issue":"1","key":"577_CR10","doi-asserted-by":"publisher","first-page":"71","DOI":"10.1007\/s10207-019-00437-y","volume":"19","author":"H Takase","year":"2020","unstructured":"Takase, H., Kobayashi, R., Kato, M., Ohmura, R.: A prototype implementation and evaluation of the malware detection mechanism for IoT devices using the processor information. Int. J. Inf. Secur. 19(1), 71\u201381 (2020). https:\/\/doi.org\/10.1007\/s10207-019-00437-y","journal-title":"Int. J. Inf. Secur."},{"key":"577_CR11","unstructured":"Foreman, J.C.: A survey of cyber security countermeasures using hardware performance counters. arXiv:1807.10868 (2018)"},{"key":"577_CR12","doi-asserted-by":"publisher","unstructured":"Torres, G., Liu, C.: Can data-only exploits be detected at runtime using hardware events? A case study of the heartbleed vulnerability. In: HASP 2016: Proceedings of the Hardware and Architectural Support for Security and Privacy 2016, Association for Computing Machinery, New York, NY, USA, HASP 2016. https:\/\/doi.org\/10.1145\/2948618.2948620 (2016)","DOI":"10.1145\/2948618.2948620"},{"key":"577_CR13","doi-asserted-by":"publisher","unstructured":"Bahador, M.B., Abadi, M., Tajoddin, A.: Hpcmalhunter: behavioral malware detection using hardware performance counters and singular value decomposition. In: 2014 4th International Conference on Computer and Knowledge Engineering (ICCKE), pp 703\u2013708. https:\/\/doi.org\/10.1109\/ICCKE.2014.6993402 (2014)","DOI":"10.1109\/ICCKE.2014.6993402"},{"key":"577_CR14","doi-asserted-by":"publisher","unstructured":"Nomani, J., Szefer, J.: Predicting program phases and defending against side-channel attacks using hardware performance counters. In: Proceedings of the Fourth Workshop on Hardware and Architectural Support for Security and Privacy, Association for Computing Machinery, New York, NY, USA, HASP \u201915. 
https:\/\/doi.org\/10.1145\/2768566.2768575 (2015)","DOI":"10.1145\/2768566.2768575"},{"key":"577_CR15","first-page":"564","volume":"2017","author":"M Alam","year":"2017","unstructured":"Alam, M., Bhattacharya, S., Mukhopadhyay, D., Bhattacharya, S.: Performance counters to rescue: a machine learning based safeguard against micro-architectural side-channel-attacks. IACR Cryptol. ePrint Arch. 2017, 564 (2017)","journal-title":"IACR Cryptol. ePrint Arch."},{"key":"577_CR16","doi-asserted-by":"publisher","unstructured":"Jyothi, V., Wang, X., Addepalli, S.K., Karri, R.: Brain: Behavior based adaptive intrusion detection in networks: using hardware performance counters to detect ddos attacks. In: 2016 29th International Conference on VLSI Design and 2016 15th International Conference on Embedded Systems (VLSID), pp 587\u2013588. https:\/\/doi.org\/10.1109\/VLSID.2016.115 (2016)","DOI":"10.1109\/VLSID.2016.115"},{"key":"577_CR17","doi-asserted-by":"publisher","unstructured":"Liu, Y., Shi, P., Wang, X., Chen, H., Zang, B., Guan, H.: Transparent and efficient cfi enforcement with intel processor trace. In: 2017 IEEE International Symposium on High Performance Computer Architecture (HPCA), pp 529\u2013540. https:\/\/doi.org\/10.1109\/HPCA.2017.18 (2017)","DOI":"10.1109\/HPCA.2017.18"},{"key":"577_CR18","doi-asserted-by":"publisher","unstructured":"Ding, Li, Kang, Ping, Yin, Wenbo, Feng, Zhi-Hua: Design and implementation of hardware-based low latency TCP offload engine for 10 Gbps Ethernet. In: 2016 13th IEEE International Conference on Solid-State and Integrated Circuit Technology (ICSICT), pp 701\u2013703. https:\/\/doi.org\/10.1109\/ICSICT.2016.7999016 (2016)","DOI":"10.1109\/ICSICT.2016.7999016"},{"key":"577_CR19","unstructured":"(2020) Ethos-u55 machine learning processor\u2014arm. https:\/\/www.arm.com\/ja\/products\/silicon-ip-cpu\/ethos\/ethos-u55. Accessed 21 Aug 2021"},{"key":"577_CR20","unstructured":"(2021) Intel hardware shield overview. 
https:\/\/www.intel.co.jp\/content\/dam\/www\/central-libraries\/us\/en\/documents\/white-paper-intel-hardware-shield.pdf. Accessed 21 Aug 2021"},{"key":"577_CR21","unstructured":"(2021) Intel\u00ae threat detection technology. https:\/\/www.intel.com\/content\/dam\/www\/public\/us\/en\/documents\/solution-briefs\/threat-detection-technology-solution-brief.pdf. Accessed 21 Aug 2021"},{"issue":"2","key":"577_CR22","doi-asserted-by":"publisher","first-page":"20","DOI":"10.1109\/MM.2019.2898633","volume":"39","author":"D Stiles","year":"2019","unstructured":"Stiles, D.: The hardware security behind azure sphere. IEEE Micro 39(2), 20\u201328 (2019). https:\/\/doi.org\/10.1109\/MM.2019.2898633","journal-title":"IEEE Micro"},{"key":"577_CR23","doi-asserted-by":"publisher","unstructured":"Koike, K., Kobayashi, R., Katoh, M.: Reduction of classifier size and acceleration of classification algorithm in malware detection mechanism using processor information. In: 2019 Seventh International Symposium on Computing and Networking Workshops (CANDARW), pp 339\u2013345. https:\/\/doi.org\/10.1109\/CANDARW.2019.00066 (2019)","DOI":"10.1109\/CANDARW.2019.00066"},{"key":"577_CR24","unstructured":"Weste, N., Eshraghian, K.: CMOS VLSI Design: A Circuits and Systems Perspective. Addison Wesley Longman Publishing Co (1985)"},{"key":"577_CR25","doi-asserted-by":"publisher","unstructured":"Alves, M.A.Z., Villavieja, C., Diener, M., Moreira, F.B., Navaux, P.O.A.: Sinuca: A validated micro-architecture simulator. In: 2015 IEEE 17th International Conference on High Performance Computing and Communications, 2015 IEEE 7th International Symposium on Cyberspace Safety and Security, and 2015 IEEE 12th International Conference on Embedded Software and Systems, pp 605\u2013610. 
https:\/\/doi.org\/10.1109\/HPCC-CSS-ICESS.2015.166 (2015)","DOI":"10.1109\/HPCC-CSS-ICESS.2015.166"},{"key":"577_CR26","doi-asserted-by":"publisher","first-page":"78,120","DOI":"10.1109\/ACCESS.2019.2917698","volume":"7","author":"A Akram","year":"2019","unstructured":"Akram, A., Sawalha, L.: A survey of computer architecture simulation techniques and tools. IEEE Access 7, 78,120-78,145 (2019). https:\/\/doi.org\/10.1109\/ACCESS.2019.2917698","journal-title":"IEEE Access"},{"issue":"2","key":"577_CR27","doi-asserted-by":"publisher","first-page":"59","DOI":"10.1109\/2.982917","volume":"35","author":"T Austin","year":"2002","unstructured":"Austin, T., Larson, E., Ernst, D.: Simplescalar: an infrastructure for computer system modeling. Computer 35(2), 59\u201367 (2002). https:\/\/doi.org\/10.1109\/2.982917","journal-title":"Computer"},{"key":"577_CR28","doi-asserted-by":"publisher","unstructured":"Kim, H.K., Kim, H.S., Eun, C.M., Cho, H.H., Jeong, O.H.: A high-performance branch predictor design considering memory capacity limitations. In: 2017 International Conference on Circuits, System and Simulation (ICCSS), pp 49\u201353, https:\/\/doi.org\/10.1109\/CIRSYSSIM.2017.8023180 (2017)","DOI":"10.1109\/CIRSYSSIM.2017.8023180"},{"key":"577_CR29","doi-asserted-by":"publisher","unstructured":"Arora, H., Bhatia, U., Pandita, S.: Comparative study of different cache models on simplescalar architecture. In: Fourth International Conference on Advances in Recent Technologies in Communication and Computing (ARTCom2012), pp 302\u2013304. https:\/\/doi.org\/10.1049\/cp.2012.2555 (2012)","DOI":"10.1049\/cp.2012.2555"},{"key":"577_CR30","doi-asserted-by":"publisher","unstructured":"Du, Z., Xia, B., Qiao, F., Yang, H.: System-level evaluation of video processing system using simplescalar-based multi-core processor simulator. 
In: 2011 Tenth International Symposium on Autonomous Decentralized Systems, pp 256\u2013259.https:\/\/doi.org\/10.1109\/ISADS.2011.34 (2011)","DOI":"10.1109\/ISADS.2011.34"},{"key":"577_CR31","unstructured":"QEMU.: QEMU. https:\/\/www.qemu.org\/ (2019). Accessed 21 Aug 2021"},{"key":"577_CR32","unstructured":"VirusTota.: VirusTotal. https:\/\/www.virustotal.com\/gui\/home\/upload (2020). Accessed 21 Aug 2021"},{"key":"577_CR33","unstructured":"GitHub (2018) GitHub\u2014micheloosterhof\/cowrie-dev. https:\/\/github.com\/micheloosterhof\/cowrie-dev. Accessed 21 Aug 2021"}],"container-title":["International Journal of Information Security"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/s10207-021-00577-0.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/link.springer.com\/article\/10.1007\/s10207-021-00577-0\/fulltext.html","content-type":"text\/html","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/s10207-021-00577-0.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2022,7,29]],"date-time":"2022-07-29T11:56:44Z","timestamp":1659095804000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/s10207-021-00577-0"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2022,2,25]]},"references-count":33,"journal-issue":{"issue":"4","published-print":{"date-parts":[[2022,8]]}},"alternative-id":["577"],"URL":"https:\/\/doi.org\/10.1007\/s10207-021-00577-0","relation":{},"ISSN":["1615-5262","1615-5270"],"issn-type":[{"type":"print","value":"1615-5262"},{"type":"electronic","value":"1615-5270"}],"subject":[],"published":{"date-parts":[[2022,2,25]]},"assertion":[{"value":"25 February 2022","order":1,"name":"first_online","label":"First 
Online","group":{"name":"ArticleHistory","label":"Article History"}},{"order":1,"name":"Ethics","group":{"name":"EthicsHeading","label":"Declarations"}},{"value":"The authors declare that they have no conflict of interest.","order":2,"name":"Ethics","group":{"name":"EthicsHeading","label":"Conflict of interest"}},{"value":"This article does not contain any studies with human participants or animals performed by any of the authors.","order":3,"name":"Ethics","group":{"name":"EthicsHeading","label":"Ethical approval"}}]}}