Evaluation of implementability in a malware detection mechanism using processor information

Currently, software implementation is the mainstream approach for anti-malware measures. However, software-based anti-malware measures are difficult to implement in Internet of Things devices with limited hardware resources. To solve this problem, a malware detection mechanism that can be realized with only hardware has been proposed. The hardware mechanism consists of three elements: an access-hit counter, dividers, and a classifier. The classifier is generated by a random forest and uses processor information as feature values. To reduce the hardware scale, a Hit Rate Table (HRTable) is introduced in place of the dividers. We propose methods of reducing the scale of hardware resources and synchronizing the CPU and the malware detection mechanism. This paper implements the proposed mechanism in hardware, simulates it while considering the delay caused by input/output to the HRTable, and evaluates the hardware scale of the proposed mechanism combined with RISC-V on a field-programmable gate array (FPGA).