基于硬件的零日恶意软件精确检测的深度神经网络和迁移学习

Proceedings of the Great Lakes Symposium on VLSI 2022 Pub Date : 2022-06-06 DOI:10.1145/3526241.3530326

Z. He, Amin Rezaei, H. Homayoun, H. Sayadi

{"title":"基于硬件的零日恶意软件精确检测的深度神经网络和迁移学习","authors":"Z. He, Amin Rezaei, H. Homayoun, H. Sayadi","doi":"10.1145/3526241.3530326","DOIUrl":null,"url":null,"abstract":"In recent years, security researchers have shifted their attentions to the underlying processors' architecture and proposed Hardware-Based Malware Detection (HMD) countermeasures to address inefficiencies of software-based detection methods. HMD techniques apply standard Machine Learning (ML) algorithms to the processors' low-level events collected from Hardware Performance Counter (HPC) registers. However, despite obtaining promising results for detecting known malware, the challenge of accurate zero-day (unknown) malware detection has remained an unresolved problem in existing HPC-based countermeasures. Our comprehensive analysis shows that standard ML classifiers are not effective in recognizing zero-day malware traces using HPC events. In response, we propose Deep-HMD, a two-stage intelligent and flexible approach based on deep neural network and transfer learning, for accurate zero-day malware detection based on image-based hardware events. The experimental results indicate that our proposed solution outperforms existing ML-based methods by achieving a 97% detection rate (F-Measure and Area Under the Curve) for detecting zero-day malware signatures at run-time using the top 4 hardware events with a minimal false positive rate and no hardware redesign overhead.","PeriodicalId":188228,"journal":{"name":"Proceedings of the Great Lakes Symposium on VLSI 2022","volume":"3 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2022-06-06","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"5","resultStr":"{\"title\":\"Deep Neural Network and Transfer Learning for Accurate Hardware-Based Zero-Day Malware Detection\",\"authors\":\"Z. He, Amin Rezaei, H. Homayoun, H. Sayadi\",\"doi\":\"10.1145/3526241.3530326\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"In recent years, security researchers have shifted their attentions to the underlying processors' architecture and proposed Hardware-Based Malware Detection (HMD) countermeasures to address inefficiencies of software-based detection methods. HMD techniques apply standard Machine Learning (ML) algorithms to the processors' low-level events collected from Hardware Performance Counter (HPC) registers. However, despite obtaining promising results for detecting known malware, the challenge of accurate zero-day (unknown) malware detection has remained an unresolved problem in existing HPC-based countermeasures. Our comprehensive analysis shows that standard ML classifiers are not effective in recognizing zero-day malware traces using HPC events. In response, we propose Deep-HMD, a two-stage intelligent and flexible approach based on deep neural network and transfer learning, for accurate zero-day malware detection based on image-based hardware events. The experimental results indicate that our proposed solution outperforms existing ML-based methods by achieving a 97% detection rate (F-Measure and Area Under the Curve) for detecting zero-day malware signatures at run-time using the top 4 hardware events with a minimal false positive rate and no hardware redesign overhead.\",\"PeriodicalId\":188228,\"journal\":{\"name\":\"Proceedings of the Great Lakes Symposium on VLSI 2022\",\"volume\":\"3 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2022-06-06\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"5\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"Proceedings of the Great Lakes Symposium on VLSI 2022\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1145/3526241.3530326\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"Proceedings of the Great Lakes Symposium on VLSI 2022","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1145/3526241.3530326","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 5

摘要

近年来，安全研究人员将注意力转移到底层处理器的架构上，并提出了基于硬件的恶意软件检测(HMD)对策，以解决基于软件的检测方法效率低下的问题。HMD技术将标准机器学习(ML)算法应用于处理器从硬件性能计数器(HPC)寄存器收集的低级事件。然而，尽管在检测已知恶意软件方面取得了有希望的结果，但在现有的基于高性能计算的对策中，准确的零日(未知)恶意软件检测仍然是一个未解决的问题。我们的综合分析表明，标准ML分类器在使用HPC事件识别零日恶意软件跟踪方面并不有效。为此，我们提出了一种基于深度神经网络和迁移学习的两阶段智能灵活方法deep - hmd，用于基于图像硬件事件的零日恶意软件准确检测。实验结果表明，我们提出的解决方案优于现有的基于ml的方法，通过使用前四个硬件事件在运行时检测零日恶意软件签名，达到97%的检测率(F-Measure和曲线下面积)，具有最小的误报率和无硬件重新设计开销。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

查看原文本刊更多论文

Deep Neural Network and Transfer Learning for Accurate Hardware-Based Zero-Day Malware Detection

In recent years, security researchers have shifted their attentions to the underlying processors' architecture and proposed Hardware-Based Malware Detection (HMD) countermeasures to address inefficiencies of software-based detection methods. HMD techniques apply standard Machine Learning (ML) algorithms to the processors' low-level events collected from Hardware Performance Counter (HPC) registers. However, despite obtaining promising results for detecting known malware, the challenge of accurate zero-day (unknown) malware detection has remained an unresolved problem in existing HPC-based countermeasures. Our comprehensive analysis shows that standard ML classifiers are not effective in recognizing zero-day malware traces using HPC events. In response, we propose Deep-HMD, a two-stage intelligent and flexible approach based on deep neural network and transfer learning, for accurate zero-day malware detection based on image-based hardware events. The experimental results indicate that our proposed solution outperforms existing ML-based methods by achieving a 97% detection rate (F-Measure and Area Under the Curve) for detecting zero-day malware signatures at run-time using the top 4 hardware events with a minimal false positive rate and no hardware redesign overhead.

求助全文

通过发布文献求助，成功后即可免费获取论文全文。去求助

来源期刊

Proceedings of the Great Lakes Symposium on VLSI 2022

自引率

0.00%

发文量