Anomaly Detection for malware identification using Hardware Performance Counters
Alberto Garcia-Serrano

TL;DR
This paper proposes an anomaly detection method using hardware performance counters to identify malware, enabling detection of unknown threats without relying on pattern matching or supervised learning.
Contribution
It introduces a novel unsupervised anomaly detection approach leveraging hardware performance counters for malware identification.
Findings
Effective detection of unknown malware and APTs.
Applicable to various modern computing devices.
Enhances existing cybersecurity techniques.
Abstract
Computers are widely used today by most people. Internet-based applications, like e-commerce or e-banking, attract criminals who, using sophisticated techniques, try to introduce malware on the victim's computer. But not only computer users are at risk; so are smartphone and smartwatch users, smart cities, Internet of Things devices, etc. Different techniques have been tested against malware. Currently, pattern matching is the default approach in antivirus software. Machine learning is also being used successfully. Continuing this trend, in this article we propose an anomaly-based method using the hardware performance counters (HPC) available in almost any modern computer architecture. Because anomaly detection is an unsupervised process, new malware and APTs can be detected even if they are unknown.
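The abstract describes the approach only at a high level: learn what normal HPC readings look like without any malware labels, then flag windows that deviate from that baseline. The following is an added illustration of that idea, not code from the paper or its author; the four counters, the per-counter z-score model, the 3.5 threshold and all sample values are assumptions made here for demonstration.

```python
"""Unsupervised anomaly scoring over hardware performance counter (HPC) samples.

Added illustration, not the paper's code. Everything below (counter set,
z-score model, threshold, sample values) is an assumption chosen for the demo.
"""
from statistics import mean, pstdev
from typing import Dict, List, Tuple

# Counters per sampling window; a real collector (e.g. perf) would fill these.
COUNTERS = ("instructions", "cycles", "cache_misses", "branch_misses")

# Constructed benign baseline: six windows of a normally behaving process.
BASELINE: List[Tuple[int, int, int, int]] = [
    (1_000_000, 1_200_000, 5_000, 2_000),
    (1_020_000, 1_230_000, 5_100, 2_100),
    (980_000, 1_180_000, 4_900, 1_900),
    (1_010_000, 1_210_000, 5_050, 2_050),
    (990_000, 1_190_000, 4_950, 1_950),
    (1_005_000, 1_205_000, 5_000, 2_000),
]

# Constructed test windows: one close to the baseline, one with a very
# different memory-access profile (many more cache misses per instruction).
BENIGN_WINDOW = (1_003_000, 1_203_000, 5_000, 2_000)
SUSPECT_WINDOW = (1_000_000, 2_500_000, 50_000, 2_000)


def fit_baseline(windows: List[Tuple[int, ...]]) -> Dict[str, Tuple[float, float]]:
    """Learn per-counter (mean, std) from benign windows only.

    This is the unsupervised step: no malware samples or labels are needed,
    which is what lets the method flag previously unseen threats.
    """
    model: Dict[str, Tuple[float, float]] = {}
    for i, name in enumerate(COUNTERS):
        column = [w[i] for w in windows]
        std = pstdev(column) or 1e-9  # guard: a constant counter must not divide by zero
        model[name] = (mean(column), std)
    return model


def score_window(window: Tuple[int, ...], model: Dict[str, Tuple[float, float]]) -> Dict[str, float]:
    """Absolute z-score of each counter relative to the learned baseline."""
    scores: Dict[str, float] = {}
    for i, name in enumerate(COUNTERS):
        m, s = model[name]
        scores[name] = abs(window[i] - m) / s
    return scores


def is_anomalous(window: Tuple[int, ...], model: Dict[str, Tuple[float, float]],
                 threshold: float = 3.5) -> bool:
    """Flag a window when any counter strays more than `threshold` std devs."""
    return max(score_window(window, model).values()) > threshold


if __name__ == "__main__":
    baseline_model = fit_baseline(BASELINE)
    for label, window in (("benign", BENIGN_WINDOW), ("suspect", SUSPECT_WINDOW)):
        scores = score_window(window, baseline_model)
        worst = max(scores, key=scores.get)
        print(f"{label}: anomalous={is_anomalous(window, baseline_model)} "
              f"(largest deviation {worst} z={scores[worst]:.1f})")
```

A deployment would sample counters per process or per core over fixed time slices, fit the baseline during a known-clean period, and re-score continuously; the single-feature z-score used here is the simplest baseline model, and a practitioner would typically move to a multivariate score so that correlated counters (such as instructions and cycles) are judged together.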
Taxonomy
Topics: Network Security and Intrusion Detection · Advanced Malware Detection Techniques · Anomaly Detection Techniques and Applications
