HUND: Enhancing Hardware Performance Counter Based Malware Detection Under System Resource Competition Using Explanation Method.

Hardware performance counter (HPC) has been widely used in malware detection because of its low access overhead and the ability of revealing dynamic behavior during program's execution. However, HPC based malware detection (HMD) suffers from performance decline due to HPC's non- determinism caused by resource competition. Current work enables malware detection under resource competition but still leaves misclassifications. In this paper, we propose HUND, a framework for improving the detection ability of HMD models under resource competition. To this end, we first introduce an explanation module to make the program's prediction interpretable and accurate on the whole. We then design a rectification module for troubleshooting HMDMs' errors by generating modified samples and lowering the effects of false classified instances on model decision. We evaluate HUND by performing HMD models two datasets of HPC-level behaviors. The experimental results show HUND explains HMDMs with high fidelity and HUND's effectiveness in troubleshooting the errors of HMDMs.