Can Monitoring System State + Counting Custom Instruction Sequences Aid Malware Detection?

Aditya Rohan, K. Basu, R. Karri
{"title":"Can Monitoring System State + Counting Custom Instruction Sequences Aid Malware Detection?","authors":"Aditya Rohan, K. Basu, R. Karri","doi":"10.1109/ATS47505.2019.00007","DOIUrl":null,"url":null,"abstract":"Signature and behavior-based anti-virus systems (AVS) are traditionally used to detect Malware. However, these AVS fail to catch metamorphic and polymorphic Malware-which can reconstruct themselves every generation or every instance. We introduce two Machine learning (ML) approaches on system state + instruction sequences – which use hardware debug data – to detect such challenging Malware. Our experiments on hundreds of Intel Malware samples show that the techniques either alone or jointly detect Malware with ≥ 99.5% accuracy.","PeriodicalId":258824,"journal":{"name":"2019 IEEE 28th Asian Test Symposium (ATS)","volume":"12 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2019-12-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"5","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"2019 IEEE 28th Asian Test Symposium (ATS)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/ATS47505.2019.00007","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
引用次数: 5

Abstract

Signature and behavior-based anti-virus systems (AVS) are traditionally used to detect Malware. However, these AVS fail to catch metamorphic and polymorphic Malware-which can reconstruct themselves every generation or every instance. We introduce two Machine learning (ML) approaches on system state + instruction sequences – which use hardware debug data – to detect such challenging Malware. Our experiments on hundreds of Intel Malware samples show that the techniques either alone or jointly detect Malware with ≥ 99.5% accuracy.
监控系统状态+计数自定义指令序列可以帮助检测恶意软件吗?
基于签名和行为的反病毒系统(AVS)传统上用于检测恶意软件。然而,这些AVS无法捕获变形和多态恶意软件,这些恶意软件可以在每一代或每一个实例中自我重构。我们介绍了两种基于系统状态+指令序列的机器学习(ML)方法,它们使用硬件调试数据来检测此类具有挑战性的恶意软件。我们对数百个英特尔恶意软件样本的实验表明,这些技术单独或联合检测恶意软件的准确率≥99.5%。
本文章由计算机程序翻译,如有差异,请以英文原文为准。
求助全文
约1分钟内获得全文 求助全文
来源期刊
自引率
0.00%
发文量
0
×
引用
GB/T 7714-2015
复制
MLA
复制
APA
复制
导出至
BibTeX EndNote RefMan NoteFirst NoteExpress
×
提示
您的信息不完整,为了账户安全,请先补充。
现在去补充
×
提示
您因"违规操作"
具体请查看互助需知
我知道了
×
提示
确定
请完成安全验证×
copy
已复制链接
快去分享给好友吧!
我知道了
右上角分享
点击右上角分享
0
联系我们:info@booksci.cn Book学术提供免费学术资源搜索服务,方便国内外学者检索中英文文献。致力于提供最便捷和优质的服务体验。 Copyright © 2023 布克学术 All rights reserved.
京ICP备2023020795号-1
ghs 京公网安备 11010802042870号
Book学术文献互助
Book学术文献互助群
群 号:604180095
Book学术官方微信