Journal
IEEE TRANSACTIONS ON INFORMATION FORENSICS AND SECURITY
Volume 15, Issue -, Pages 512-525Publisher
IEEE-INST ELECTRICAL ELECTRONICS ENGINEERS INC
DOI: 10.1109/TIFS.2019.2924549
Keywords
Hardware performance counter (HPC); malware; code execution; control flow graph (CFG); cyber security; code integrity verification
Funding
- National Science Foundation [1526405, 1513130]
- U.S. Office of Naval Research [N00014-15-1-2182, N00014-17-1-2006]
- Defense Advanced Research Projects Agency through the Air Force Research Laboratory (AFRL) [FA8750-16-C-0179]
- Direct For Computer & Info Scie & Enginr
- Division Of Computer and Network Systems [1526405] Funding Source: National Science Foundation
- Division Of Computer and Network Systems
- Direct For Computer & Info Scie & Enginr [1513130] Funding Source: National Science Foundation
Ask authors/readers for more resources
Malware can range from simple adware to stealthy kernel control-flow modifying rootkits. Although anti-virus software is popular, an ongoing cat-and-mouse cycle of anti-virus development and malware that thwarts the anti-virus has ensued. More recently, trusted hardware-based malware detection techniques are being developed on the premise that it is easier to bypass software-based defenses than hardware-based counterparts. One such approach is the use of hardware performance counters (HPCs) to detect malware for Linux and Android platforms. This paper, for the first time, presents an analytical framework to investigate the security provided by HPC-based malware detection techniques. The HPC readings are periodically monitored over the duration of the program execution for comparison with a golden HPC reading. We develop a mathematical framework to investigate the probability of malware detection, when HPCs are monitored at a pre-determined sampling interval. In other words, given a program, a set of HPCs, and a sampling rate, the framework can be employed to analyze the probability of malware detection.
Authors
I am an author on this paper
Click your name to claim this paper and add it to your profile.
Reviews
Recommended
No Data Available