Hardware Performance Counter (HPC)-based runtime checking is an effective way to identify malicious behaviors of malware and detect malicious modifications to a legitimate program's control flow. To reduce the overhead on the monitored system, which has limited storage and computing resources, we present a "sample-locally-analyze-remotely" technique. The sampled HPC data are sent to a remote server for further analysis. To minimize the I/O bandwidth required for transmission, the fine-grained HPC profiles are compressed into much smaller vectors with Compressive Sensing. The experimental results demonstrate an 80% I/O bandwidth reduction after applying Compressive Sensing, without compromising the detection and identification capabilities.
CITATION STYLE
Wang, X., Chai, S., Isnardi, M., Lim, S., & Karri, R. (2016). Hardware performance counter-based malware identification and detection with adaptive compressive sensing. ACM Transactions on Architecture and Code Optimization, 13(1). https://doi.org/10.1145/2857055