Unsupervised Anomaly-based Malware Detection using Hardware Features

Provided by: Columbia University
Topic: Hardware
Format: PDF
Recent works have shown promise in using micro-architectural execution patterns to detect malware programs. These detectors belong to a class of detectors known as signature-based detectors, as they catch malware by comparing a program's execution pattern (signature) to execution patterns of known malware programs. In this paper, the authors propose a new class of detectors - anomaly-based hardware malware detectors - that do not require signatures for malware detection, and thus can catch a wider range of malware, including potentially novel ones. They use unsupervised machine learning to build profiles of normal program execution based on data from performance counters, and use these profiles to detect significant deviations in program behavior that occur as a result of malware exploitation.