Malcore: Toward a practical malware identification system enhanced with manycore technology

Abstract

Many conventional control flow matching methods work well, but lead to obstructive latency for the operations as the number of malware variants has soared. Even though many researchers have proposed control flow matching methods, there is still a trade-off between accuracy and performance. To alleviate this trade-off, we present a system called MalCore, which is comprised of the following three novel mechanisms, each of which aims to provide a practical malware identification system: I-Filter for identical structured control flow string matching, table division to exclude unnecessary comparisons with some malware, and cognitive resource allocation for efficient parallelism. Our performance evaluation shows that the total performance improvement is 280.9 times. This work was undertaken on a real manycore computing platform called MN-MATE.