Malware detection using hardware performance counters on RISC-V based cloud servers

Nowadays, cloud computing is widely utilized in the IT industry to support critical infrastructure and services. Cloud services play a crucial role across private, public, and commercial sectors, where many are expected to operate continuously and support critical infrastructure. As cloud services become more essential, they face increasing security threats, both from known vulnerabilities and emerging challenges. To remain resilient, cloud infrastructures must be protected not only against familiar threats but also against unknown, evolving risks. As a result, ensuring robust security has become increasingly crucial. In this context, the RISC-V architecture has seen growing adoption for its flexibility and scalability in cloud environments. However, the increased use of this open-source hardware also amplifies the risk of sophisticated malware attacks targeting cloud infrastructure. This thesis focuses on the development of a hardware-based malware detection framework for RISC-V processors in cloud environments. By collecting and analyzing Hardware Performance Counter (HPC) data during the execution of applications and malware, a machine learning-based system is developed to differentiate between benign and malicious software. The methodology involves using the gem5 simulator to gather detailed HPC metrics from RISC-V processors running various applications and malware, followed by the application of multiple machine learning algorithms to classify software behavior. The thesis evaluates the effectiveness of different machine learning models. Preliminary results demonstrate the potential of combining HPC data with machine learning techniques to achieve over 80\% accuracy in malware detection. This approach could provide a lightweight and scalable solution for enhancing the security of cloud services using RISC-V architecture.