Hardware performance counter-based malware identification and detection with adaptive compressive sensing

Xueyang Wang, Sek Chai, Michael Isnardi, Sehoon Lim, Ramesh Karri

Research output: Contribution to journal › Article › peer-review

Abstract

Hardware Performance Counter-based (HPC) runtime checking is an effective way to identify malicious behaviors of malware and to detect malicious modifications to a legitimate program's control flow. To reduce the overhead on the monitored system, which has limited storage and computing resources, we present a "sample-locally-analyze-remotely" technique: the sampled HPC data are sent to a remote server for further analysis. To minimize the I/O bandwidth required for transmission, the fine-grained HPC profiles are compressed into much smaller vectors with Compressive Sensing. The experimental results demonstrate an 80% I/O bandwidth reduction after applying Compressive Sensing, without compromising the detection and identification capabilities.

Original language: English (US)
Article number: 3
Journal: ACM Transactions on Architecture and Code Optimization
Volume: 13
Issue number: 1
DOIs
State: Published - Mar 2016

Keywords

  • Compressive sensing
  • Hardware performance counters
  • Malware identification and detection

ASJC Scopus subject areas

  • Software
  • Information Systems
  • Hardware and Architecture
