On the Feasibility of Online Malware Detection with Performance Counters
The proliferation of computers in any domain is followed by the proliferation of malware in that domain. Systems, including the latest mobile platforms, are laden with viruses, rootkits, spyware, adware and other classes of malware. Despite the existence of Anti-Virus (AV) software, malware threats persist and are growing, since there are myriad ways to subvert AV software; in fact, attackers today exploit bugs in the AV software itself to break into systems. In this paper, the authors examine the feasibility of building a malware detector in hardware using existing performance counters. They find that data from performance counters can be used to identify malware and that their detection techniques are robust to minor variations in malware programs.