Hardware Performance Counter-Based Malware Identification and Detection with Adaptive Compressive Sensing

Author: Sehoon Lim, Xueyang Wang, Sek M. Chai, Ramesh Karri, Michael Anthony Isnardi
Year of publication: 2016
Subject:
Source: ACM Transactions on Architecture and Code Optimization. 13:1-23
ISSN: 1544-3973, 1544-3566
DOI: 10.1145/2857055
Description: Hardware Performance Counter (HPC)-based runtime checking is an effective way to identify malicious behaviors of malware and to detect malicious modifications to a legitimate program's control flow. To reduce the overhead on the monitored system, which has limited storage and computing resources, we present a "sample-locally-analyze-remotely" technique: HPC data are sampled on the monitored system and sent to a remote server for analysis. To minimize the I/O bandwidth required for transmission, the fine-grained HPC profiles are compressed into much smaller vectors with Compressive Sensing. The experimental results demonstrate an 80% I/O bandwidth reduction after applying Compressive Sensing, without compromising the detection and identification capabilities.
Database: OpenAIRE
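The following is an added illustration of the "sample-locally-analyze-remotely" pipeline in the abstract; it is not code from the paper and the authors' actual measurement matrix, sparsity basis and recovery algorithm are not given on this page. It assumes a constructed HPC profile that is sparse in the identity basis (only a few counter bins are non-zero), a Gaussian random measurement matrix regenerated from a seed shared by sensor and server, and orthogonal matching pursuit (OMP) as the recovery step. Sending 20 measurements instead of 100 profile bins gives the 80% bandwidth reduction the abstract reports, and the server recovers the full profile before running its detection logic.

```python
"""Compressive-sensing compression of a sparse HPC profile with OMP recovery.

Added example (not the paper's code). The monitored host multiplies a
sparse hardware-performance-counter profile by a fixed random matrix and
ships only the short vector; the remote analyser recovers the profile with
orthogonal matching pursuit (OMP) before classification.
"""
import math
import random

N_BINS = 100      # length of one fine-grained HPC profile (assumption)
N_MEAS = 20       # measurements sent per profile: 80 % bandwidth reduction
SEED = 7          # shared seed: both sides regenerate the same matrix


def measurement_matrix(m, n, seed=SEED):
    """Gaussian random projection, regenerated from a shared seed so the
    matrix itself never has to be transmitted (assumed design)."""
    rng = random.Random(seed)
    scale = 1.0 / math.sqrt(m)
    return [[rng.gauss(0.0, scale) for _ in range(n)] for _ in range(m)]


def sample_profile():
    """Constructed sparse profile: three counter bins carry all the activity.
    Real profiles are sparse in some transform basis; the identity basis is
    assumed here for brevity."""
    x = [0.0] * N_BINS
    x[12], x[47], x[83] = 40.0, 25.0, 17.0
    return x


def compress(phi, x):
    """y = Phi x : the only data that leaves the monitored host."""
    return [sum(pr * xr for pr, xr in zip(row, x)) for row in phi]


def _solve(a, b):
    """Gaussian elimination with partial pivoting for the small
    normal-equation systems inside OMP (avoids a numpy dependency)."""
    n = len(b)
    m = [row[:] + [b[i]] for i, row in enumerate(a)]
    for col in range(n):
        piv = max(range(col, n), key=lambda r: abs(m[r][col]))
        m[col], m[piv] = m[piv], m[col]
        for r in range(col + 1, n):
            f = m[r][col] / m[col][col]
            for c in range(col, n + 1):
                m[r][c] -= f * m[col][c]
    x = [0.0] * n
    for r in range(n - 1, -1, -1):
        x[r] = (m[r][n] - sum(m[r][c] * x[c] for c in range(r + 1, n))) / m[r][r]
    return x


def omp_recover(phi, y, max_atoms, tol=1e-9):
    """Orthogonal matching pursuit: pick the column of Phi most correlated
    with the residual, least-squares refit on the chosen support, repeat
    until the residual vanishes or the atom budget is spent."""
    m, n = len(phi), len(phi[0])
    cols = [[phi[i][j] for i in range(m)] for j in range(n)]
    support, coef = [], []
    resid = y[:]
    for _ in range(max_atoms):
        if math.sqrt(sum(r * r for r in resid)) < tol:
            break
        j = max((j for j in range(n) if j not in support),
                key=lambda j: abs(sum(c * r for c, r in zip(cols[j], resid))))
        support.append(j)
        gram = [[sum(a * b for a, b in zip(cols[p], cols[q])) for q in support]
                for p in support]
        rhs = [sum(c * yi for c, yi in zip(cols[p], y)) for p in support]
        coef = _solve(gram, rhs)
        resid = [y[i] - sum(coef[k] * cols[support[k]][i]
                            for k in range(len(support))) for i in range(m)]
    x_hat = [0.0] * n
    for k, j in enumerate(support):
        x_hat[j] = coef[k]
    return x_hat


def bandwidth_reduction(n_bins=N_BINS, n_meas=N_MEAS):
    """Fraction of I/O bandwidth saved by sending y instead of x."""
    return 1.0 - n_meas / n_bins


def round_trip():
    """Sensor side compresses, server side recovers; returns the largest
    absolute error between the original and recovered profile."""
    phi = measurement_matrix(N_MEAS, N_BINS)
    x = sample_profile()
    y = compress(phi, x)                       # 20 floats on the wire, not 100
    x_hat = omp_recover(phi, y, max_atoms=N_MEAS // 2)
    return max(abs(a - b) for a, b in zip(x, x_hat))


if __name__ == "__main__":
    print("bandwidth reduction:", bandwidth_reduction())
    print("max reconstruction error:", round_trip())
```

The security-relevant caveat this makes visible: the guarantee only holds while the profile really is sparse in the assumed basis. A dense profile (or an adversary that deliberately spreads activity across many counters) will not reconstruct exactly from 20 measurements, so a deployment should check the recovery residual on the server and treat a persistently large residual as a signal in its own right rather than silently classifying a garbled profile.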