TY - GEN
T1 - Can Monitoring System State + Counting Custom Instruction Sequences Aid Malware Detection?
AU - Rohan, Aditya
AU - Basu, Kanad
AU - Karri, Ramesh
N1 - Publisher Copyright: © 2019 IEEE.
PY - 2019/12
Y1 - 2019/12
N2 - Signature and behavior-based anti-virus systems (AVS) are traditionally used to detect Malware. However, these AVS fail to catch metamorphic and polymorphic Malware, which can reconstruct themselves every generation or every instance. We introduce two Machine learning (ML) approaches on system state + instruction sequences, which use hardware debug data, to detect such challenging Malware. Our experiments on hundreds of Intel Malware samples show that the techniques either alone or jointly detect Malware with ≥ 99.5% accuracy.
KW - Debug Hardware
KW - Hardware Performance Counters
KW - Instruction Sequencing
KW - Malware
UR - http://www.scopus.com/inward/record.url?scp=85078350580&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=85078350580&partnerID=8YFLogxK
U2 - 10.1109/ATS47505.2019.00007
DO - 10.1109/ATS47505.2019.00007
M3 - Conference contribution
AN - SCOPUS:85078350580
T3 - Proceedings of the Asian Test Symposium
SP - 61
EP - 66
BT - Proceedings - 2019 IEEE 28th Asian Test Symposium, ATS 2019
PB - IEEE Computer Society
T2 - 28th IEEE Asian Test Symposium, ATS 2019
Y2 - 10 December 2019 through 13 December 2019
ER -