Abstract
Hardware Performance Counter-based (HPC) runtime checking is an effective way to identify malicious behaviors of malware and detect malicious modifications to a legitimate program's control flow. To reduce the overhead in the monitored system which has limited storage and computing resources, we present a "sample-locally-analyze-remotely" technique. The sampled HPC data are sent to a remote server for further analysis. To minimize the I/O bandwidth required for transmission, the fine-grained HPC profiles are compressed into much smaller vectors with Compressive Sensing. The experimental results demonstrate an 80% I/O bandwidth reduction after applying Compressive Sensing, without compromising the detection and identification capabilities.
Field | Value |
---|---|
Original language | English (US) |
Article number | 3 |
Journal | ACM Transactions on Architecture and Code Optimization |
Volume | 13 |
Issue number | 1 |
DOIs | |
State | Published - Mar 2016 |
Keywords
- Compressive sensing
- Hardware performance counters
- Malware identification and detection
ASJC Scopus subject areas
- Software
- Information Systems
- Hardware and Architecture