Hardware Performance Counter-Based Malware Identification and Detection with Adaptive Compressive Sensing
Author: | Sehoon Lim, Xueyang Wang, Sek M. Chai, Ramesh Karri, Michael Anthony Isnardi |
---|---|
Year of publication: | 2016 |
Subject: | business.industry; Computer science; 020206 networking & telecommunications; 02 engineering and technology; computer.software_genre; 020202 computer hardware & architecture; Identification (information); Compressed sensing; Control flow; Transmission (telecommunications); Hardware performance counter; Hardware and Architecture; Embedded system; 0202 electrical engineering, electronic engineering, information engineering; Bandwidth (computing); Malware; Overhead (computing); business; computer; Software; Information Systems |
Source: | ACM Transactions on Architecture and Code Optimization. 13:1-23 |
ISSN: | 1544-3973 1544-3566 |
DOI: | 10.1145/2857055 |
Description: | Hardware Performance Counter-based (HPC) runtime checking is an effective way to identify malicious behaviors of malware and detect malicious modifications to a legitimate program’s control flow. To reduce the overhead in the monitored system which has limited storage and computing resources, we present a “sample-locally-analyze-remotely” technique. The sampled HPC data are sent to a remote server for further analysis. To minimize the I/O bandwidth required for transmission, the fine-grained HPC profiles are compressed into much smaller vectors with Compressive Sensing. The experimental results demonstrate an 80% I/O bandwidth reduction after applying Compressive Sensing, without compromising the detection and identification capabilities. |
Database: | OpenAIRE |
External link: |