HPC-Based Malware Detectors Actually Work: Transition to Practice After a Decade of Research

Charalambos Konstantinou, Xueyang Wang, Prashanth Krishnamurthy, Farshad Khorrami, Michail Maniatakos, Ramesh Karri

Research output: Contribution to journalArticlepeer-review


For the first time in 2011, researchers proposed using Hardware Performance Counters (HPCs) that are built into all processors as a pragmatic yet zero-cost solution for security. Online monitoring of HPCs can defend against malware using anomaly detection. Over the last decade, HPC-based malware detection transitioned from academic research through government transition to industry adoption. We outline this evolution by presenting use cases on critical power grid infrastructure protection as part of DARPA RADICS program, as well as describing how HPCs are utilized within Intel’s HPC-based Threat Detection Technology (TDT), which is further used by Microsoft Defender for Endpoint.

Original languageEnglish (US)
Pages (from-to)23-32
Number of pages10
JournalIEEE Design and Test
Issue number4
StatePublished - Aug 1 2022


  • Cybersecurity
  • Embedded systems
  • Hardware performance counters
  • Malware detection
  • Transition to practice

ASJC Scopus subject areas

  • Software
  • Hardware and Architecture
  • Electrical and Electronic Engineering


Dive into the research topics of 'HPC-Based Malware Detectors Actually Work: Transition to Practice After a Decade of Research'. Together they form a unique fingerprint.

Cite this