Toward Hardware-Assisted Malware Detection Utilizing Explainable Machine Learning: A Survey

Hardware joined the battle against malware by introducing secure boot architectures, malware-aware processors, and trusted platform modules. Hardware performance indicators, power profiles, and side channel information can be leveraged at run-time via machine learning for continuous monitoring and protection. The explainability of these machine learning algorithms may play a crucial role in interpreting their results and avoiding false positives. In this paper, we present an eagle eye on the state of the art of these components: we examine secure architectures and malware-aware processors, such as those implemented in the RISC-V Instruction Set Architecture and Reduced Instruction Set Computer (RISC). We categorize hardware-assisted solutions increased by machine learning for classification. We survey recently proposed software-assisted and hardware-assisted explainability algorithms in our context. In the discussion, we suggest that (1) safe architectures that guarantee secure device boot are a must, (2) Side-channel approaches are challenging to integrate into embedded systems, yet they show promise in terms of efficiency, (3) malware-aware processors provide valuable features for malware detection software, and (4) Without explainability, malware detection software is error-prone and can be easily bypassed.