Hardware Performance Counter-Based Malware Identification and Detection with Adaptive Compressive Sensing.
TACO(2016)
Abstract
Hardware Performance Counter-based (HPC) runtime checking is an effective way to identify malicious behaviors of malware and detect malicious modifications to a legitimate program’s control flow. To reduce the overhead in the monitored system which has limited storage and computing resources, we present a “sample-locally-analyze-remotely” technique. The sampled HPC data are sent to a remote server for further analysis. To minimize the I/O bandwidth required for transmission, the fine-grained HPC profiles are compressed into much smaller vectors with Compressive Sensing. The experimental results demonstrate an 80% I/O bandwidth reduction after applying Compressive Sensing, without compromising the detection and identification capabilities.
Keywords
Hardware performance counters, compressive sensing, malware identification and detection