Can Monitoring System State + Counting Custom Instruction Sequences Aid Malware Detection?

Aditya Rohan, Kanad Basu, Ramesh Karri

Research output: Chapter in Book/Report/Conference proceedingConference contribution

Abstract

Signature and behavior-based anti-virus systems (AVS) are traditionally used to detect Malware. However, these AVS fail to catch metamorphic and polymorphic Malware-which can reconstruct themselves every generation or every instance. We introduce two Machine learning (ML) approaches on system state + instruction sequences-which use hardware debug data-to detect such challenging Malware. Our experiments on hundreds of Intel Malware samples show that the techniques either alone or jointly detect Malware with ≥ 99.5% accuracy.

Original languageEnglish (US)
Title of host publicationProceedings - 2019 IEEE 28th Asian Test Symposium, ATS 2019
PublisherIEEE Computer Society
Pages61-66
Number of pages6
ISBN (Electronic)9781728126951
DOIs
StatePublished - Dec 2019
Event28th IEEE Asian Test Symposium, ATS 2019 - Kolkata, India
Duration: Dec 10 2019Dec 13 2019

Publication series

NameProceedings of the Asian Test Symposium
Volume2019-December
ISSN (Print)1081-7735

Conference

Conference28th IEEE Asian Test Symposium, ATS 2019
CountryIndia
CityKolkata
Period12/10/1912/13/19

Keywords

  • Debug Hardware
  • Hardware Performance Counters
  • Instruction Sequencing
  • Malware

ASJC Scopus subject areas

  • Electrical and Electronic Engineering

Fingerprint Dive into the research topics of 'Can Monitoring System State + Counting Custom Instruction Sequences Aid Malware Detection?'. Together they form a unique fingerprint.

  • Cite this

    Rohan, A., Basu, K., & Karri, R. (2019). Can Monitoring System State + Counting Custom Instruction Sequences Aid Malware Detection? In Proceedings - 2019 IEEE 28th Asian Test Symposium, ATS 2019 (pp. 61-66). [8949418] (Proceedings of the Asian Test Symposium; Vol. 2019-December). IEEE Computer Society. https://doi.org/10.1109/ATS47505.2019.00007