Can Monitoring System State + Counting Custom Instruction Sequences Aid Malware Detection?

2019 IEEE 28th Asian Test Symposium (ATS) (2019)

Abstract
Signature- and behavior-based anti-virus systems (AVS) are traditionally used to detect malware. However, these AVS fail to catch metamorphic and polymorphic malware, which can reconstruct themselves every generation or every instance. We introduce two machine learning (ML) approaches on system state + instruction sequences, which use hardware debug data, to detect such challenging malware. Our experiments on hundreds of Intel malware samples show that the techniques, either alone or jointly, detect malware with ≥ 99.5% accuracy.
Keywords
Debug Hardware, Malware, Hardware Performance Counters, Instruction Sequencing