HPC-based Malware Detectors Actually Work: Transition to Practice After a Decade of Research

Charalambos Konstantinou, Xueyang Wang, Prashanth Krishnamurthy, Farshad Khorrami, Michail Maniatakos, Ramesh Karri

Research output: Contribution to journal › Article › peer-review

Abstract

In 2011, researchers first proposed using the Hardware Performance Counters (HPCs) built into all processors as a pragmatic, zero-cost security mechanism. Online monitoring of HPCs can defend against malware through anomaly detection. Over the last decade, HPC-based malware detection has transitioned from academic research, through government-sponsored transition efforts, to industry adoption. We outline this evolution by presenting use cases on critical power grid infrastructure protection as part of the DARPA RADICS program, and by describing how HPCs are utilized within Intel’s HPC-based Threat Detection Technology (TDT), which is in turn used by Microsoft Defender for Endpoint.

Original language: English (US)
Journal: IEEE Design and Test
DOIs
State: Accepted/In press - 2022

Keywords

  • Detectors
  • Hardware performance counters
  • Malware
  • Microprogramming
  • Monitoring
  • Power grids
  • Program processors
  • Security
  • cybersecurity
  • embedded systems
  • malware detection
  • transition to practice

ASJC Scopus subject areas

  • Software
  • Hardware and Architecture
  • Electrical and Electronic Engineering
