Affiliation:
1. Columbia University, NY
Abstract
The proliferation of computers in any domain is followed by the proliferation of malware in that domain. Systems, including the latest mobile platforms, are laden with viruses, rootkits, spyware, adware and other classes of malware. Despite the existence of anti-virus software, malware threats persist and are growing as there exist a myriad of ways to subvert anti-virus (AV) software. In fact, attackers today exploit bugs in the AV software to break into systems.
In this paper, we examine the feasibility of building a malware detector in hardware using existing performance counters. We find that data from performance counters can be used to identify malware and that our detection techniques are robust to minor variations in malware programs. As a result, after examining a small set of variations within a family of malware on Android ARM and Intel Linux platforms, we can detect many variations within that family. Further, our proposed hardware modifications allow the malware detector to run securely beneath the system software, thus setting the stage for AV implementations that are simpler and less buggy than software AV. Combined, the robustness and security of hardware AV techniques have the potential to advance state-of-the-art online malware detection.
Funder
Division of Computing and Communication Foundations
Synopsys
Microsoft Research
Air Force Office of Scientific Research
WindRiver Corp
Alfred P. Sloan Foundation
Defense Advanced Research Projects Agency
Xilinx
Publisher
Association for Computing Machinery (ACM)
Reference26 articles.
1. Trend Micro Corporation "Russian underground." Trend Micro Corporation "Russian underground."
2. Stuxnet: Dissecting a Cyberwarfare Weapon
Cited by
116 articles.
订阅此论文施引文献
订阅此论文施引文献,注册后可以免费订阅5篇论文的施引文献,订阅后可以查看论文全部施引文献