Harnessing performance counters to detect malware using deep learning models
| Author: | Omar Mohamed, Ciprian-Bogdan Chirila |
|---|---|
| Year of publication: | 2022 |
| Source: | SYSTEM THEORY, CONTROL AND COMPUTING JOURNAL. 2:40-49 |
| ISSN: | 2810-4099 2668-2966 |
| DOI: | 10.52846/stccj.2022.2.2.42 |
| Description: | Computing systems are challenged by security exploits and malware. The following methods are used for detecting anomalies and discovering vulnerabilities in computing systems: malware-aware processors, static program analysis, and dynamic program analysis. Online hardware for detecting malware is not always a practical and scalable solution because of its cost. Automated static analysis tools have limited performance and detection capabilities that may not meet a project's criticality requirements for static analysis methods. In recent trends, dynamic analysis has overtaken static analysis. Several approaches have been used to analyze performance counters in this sense. Performance counters are collected from both operating systems/software and processors/hardware and stored as time series: 1) in the presence and 2) in the absence of malware. For software performance counters (SPCs), fourteen deep learning models were used for time series classification, while for hardware performance counters (HPCs), ten deep learning models were used. For SPCs, two models were able to accurately detect malware in infected operating systems, while the rest tended to overfit the data. For HPCs, three models were able to detect malware. |
| Database: | OpenAIRE |
| External link: | |