Anti-virus software (AVS) tools are used to detect Malware in a system. However, AVS are vulnerable to attacks. A malicious entity can exploit these vulnerabilities to subvert the AVS. Recently, hardware components like Hardware Performance Counters (HPC) have been used for Malware detection. In this paper, we propose PREEMPT, a zero-overhead, high-accuracy, low-latency technique to detect Malware by re-purposing the embedded trace buffer (ETB), a debug hardware component available in most modern processors. The ETB is used for post-silicon validation and debug and allows us to control and monitor the internal activities of a chip, beyond what is provided by the Input/Output pins. PREEMPT combines these hardware-level observations with machine learning-based classifiers to preempt Malware before it causes damage. The benefits of re-using the ETB for Malware detection include increased robustness against attacks and no performance penalties. PREEMPT can detect Malware on an OpenSPARC T1 core running the Linux operating system with an F1-score of 96.6%.
|Original language|English (US)|
|Journal|IEEE Transactions on Computer-Aided Design of Integrated Circuits and Systems|
|State|Accepted/In press - 2021|
- Program processors
ASJC Scopus subject areas
- Computer Graphics and Computer-Aided Design
- Electrical and Electronic Engineering