{"title":"Design Alternatives for Performance Monitoring Counter based Malware Detection","authors":"Jordan Pattee, Byeong Kil Lee","doi":"10.1109/IPCCC50635.2020.9391559","DOIUrl":null,"url":null,"abstract":"Hardware-based malware detection is becoming increasingly important as software-based solutions can be easily compromised by attackers. Many of the existing hardware solutions are based on statistical learning blocks with processor behavioral information, which can be captured from the PMC (performance monitoring counters). The performance of the learning techniques relies primarily on the quality of data. However, due to the limited number of PMCs in a processor, only a few behavioral events can be monitored simultaneously. In this paper, we focus on multiple steps to investigate critical issues of PMC based malware detection: (i) statistical characterization of malware; (ii) distribution-based feature selection; (iii) trade-off analysis of complexity and accuracy; and (iv) design alternatives for PMC-based malware detection. Our experimental results show that the proposed detection scheme can provide highly accurate malware detection. 
As architectural implications, hardware acceleration as well as additional PMC registers are discussed for more accurate malware detection in real-time.","PeriodicalId":226034,"journal":{"name":"2020 IEEE 39th International Performance Computing and Communications Conference (IPCCC)","volume":"15 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2020-11-06","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"3","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"2020 IEEE 39th International Performance Computing and Communications Conference (IPCCC)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/IPCCC50635.2020.9391559","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
Citations: 3
Abstract
Hardware-based malware detection is becoming increasingly important as software-based solutions can be easily compromised by attackers. Many of the existing hardware solutions are based on statistical learning blocks with processor behavioral information, which can be captured from the PMC (performance monitoring counters). The performance of the learning techniques relies primarily on the quality of data. However, due to the limited number of PMCs in a processor, only a few behavioral events can be monitored simultaneously. In this paper, we focus on multiple steps to investigate critical issues of PMC-based malware detection: (i) statistical characterization of malware; (ii) distribution-based feature selection; (iii) trade-off analysis of complexity and accuracy; and (iv) design alternatives for PMC-based malware detection. Our experimental results show that the proposed detection scheme can provide highly accurate malware detection. As architectural implications, hardware acceleration as well as additional PMC registers are discussed for more accurate malware detection in real-time.